Problem: VPN Behind PIX with NAT

Unanswered Question
May 16th, 2002
User Badges:

I have a problem sending data with a W2K PC running Cisco VPN 3.5.1 from behind a PIX which is running NAT. If I am not wrong, the NAT on the PIX is incorrectly translating the IPSEC packets from the VPN Client (or something like that). What do I need to do to solve this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mklaphek Fri, 05/17/2002 - 12:39
User Badges:

The PIX isn't really incorrectly translation the packets. If you're using PAT, IPSec will fail because IPSec uses ESP and AH which are not TCP or UDP (IP ports 50 and 51, I believe).

All you should need to do to make it work is to make sure that the client has IPSec through NAT enabled and that the concentrator has IPSec over UDP or TCP enabled. In the negotiating process, they will select this method of transport.

Hope this helps.


This Discussion