VPN clients behind NAT boundary

Unanswered Question
Nov 20th, 2008

Recently, our PIX-525 was upgraded from v6.3.5 to v.8.0.4. Since the upgrade, the PIX no longer allows connections from remote access clients that are behind a NAT boundary. Most of our clients are running WinXP or Vista.

I have entered the 'cry isa nat-t 60' command, but connections are still not allowed. Remote access is working correctly for all clients who are not behind a NAT boundary, so the issue is definitely with NAT traversal.

Below is my DefaultRAGroup setup. I am sure that it is something I am mising with reagrds to the new commands present in version 7.0 and above, as I am only used to working with v6.3.

tunnel-group DefaultRAGroup general-attributes

address-pool remote-pool

authentication-server-group (outside) RADIUS

default-group-policy 2

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key *

tunnel-group DefaultRAGroup ppp-attributes

no authentication chap

no authentication ms-chap-v1

authentication ms-chap-v2

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion