
Problem: VPN Behind PIX with NAT

jerry.liew
Level 1

I have a problem sending data with a W2K PC running Cisco VPN 3.5.1 from behind a PIX which is running NAT. If I am not wrong, the NAT on the PIX is incorrectly translating the IPSEC packets from the VPN Client (or something like that). What do I need to do to solve this?

1 Reply

mklaphek
Level 1

The PIX isn't really incorrectly translating the packets. If you're using PAT, IPSec will fail because IPSec uses ESP and AH, which are not TCP or UDP (IP ports 50 and 51, I believe).

All you should need to do to make it work is to make sure that the client has IPSec through NAT enabled and that the concentrator has IPSec over UDP or TCP enabled. In the negotiating process, they will select this method of transport.

Hope this helps.
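
As an added illustration (not part of the original reply), the sketch below parses two constructed IPv4 packets and shows why a port-rewriting translator has nothing to work with on native ESP but does once the same ESP payload is wrapped in UDP. The addresses, SPI, ports and the `ENCAP_PORT` value are assumptions made up for the example.

```python
import socket
import struct

TCP, UDP, ESP, AH = 6, 17, 50, 51  # IANA IP protocol numbers

def ipv4(proto, payload, src="192.168.1.10", dst="203.0.113.5"):
    """Constructed sample IPv4 packet (header checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def pat_ports(packet):
    """Return (src_port, dst_port) if the packet has a port field that PAT
    can rewrite, or None when the IP payload is not TCP or UDP."""
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    proto = packet[9]                 # protocol field of the IPv4 header
    if proto not in (TCP, UDP):
        return None
    return struct.unpack("!HH", packet[ihl:ihl + 4])

def describe(packet):
    names = {TCP: "TCP", UDP: "UDP", ESP: "ESP", AH: "AH"}
    name = names.get(packet[9], str(packet[9]))
    ports = pat_ports(packet)
    if ports is None:
        return f"{name}: no port field, PAT cannot multiplex it"
    return f"{name} {ports[0]}->{ports[1]}: PAT can rewrite the source port"

# Constructed ESP payload: SPI, sequence number, opaque ciphertext.
esp = struct.pack("!II", 0x1000ABCD, 1) + b"\x00" * 16

# Placeholder port; the real one is whatever client and concentrator negotiate.
ENCAP_PORT = 10000
udp_wrapped = struct.pack("!HHHH", 51000, ENCAP_PORT, 8 + len(esp), 0) + esp

native_esp = ipv4(ESP, esp)          # what the client sends without encapsulation
esp_in_udp = ipv4(UDP, udp_wrapped)  # same ESP payload carried inside UDP

if __name__ == "__main__":
    for pkt in (native_esp, esp_in_udp):
        print(describe(pkt))
```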