Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

506 NAT IPSec

I was wondering if it was possible to have an IPSec tunnel originate within a local area network that sits behind a 506 with NAT'ing enabled(Using WatchGuard IPSec client to make connection). I have tried to use the following command to get this to work to no avail.

sysopt connection permit-ipsec command

The IPSec client that resides behind the firewall requires authentication header and I assume that is where my problem lies. Much thanks in advance.

1 REPLY
Cisco Employee

Re: 506 NAT IPSec

AH and NAT by definition cause trouble. You should try changing transform proposal to ESP (eliminate AH).

Vijay

83
Views
0
Helpful
1
Replies
CreatePlease to create content