establishing a VPN connection through a NAT

Unanswered Question
May 18th, 2010
User Badges:

here's a basic network diagram:

*internet* ---- [cisco 831] ---- [pix 501] ---- *internal network*

i want the ablity to connect to my network when i'm away from home.  i configured the pix and tested it; i can establish a secure tunnel.

unfortunately, i don't know how to forward all ipsec traffic from the internet, through the 831, and to the pix.

can someone help out with the port forwarding commands and the inbound access list, if i need one of those too?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

You need a static IP address on the Router or PIX.

The you need to forward the relevant Protocols & TCP/UDP "Thru" the router to the PIX.

Protocol 50

UDP 500

UDP 4500

Enable NAT-T on the PIX to allow UDP/TCP encapsulation of IPSEC traffic, this will enable you to use networks that do not allow IPSEC traffic accrosd them.


rimbertr1 Tue, 05/18/2010 - 12:38
User Badges:

In addition to what Andrew posted, I believe you will also need to allow IP protocol 51 (Authentication Header) through your 831.


This Discussion