Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
2
Replies

Cisco VPN Client behind PIX 515E, --> VPN Concentrator

Go to solution
benhanson
Level 1
Level 1

‎11-18-2003 02:15 PM - edited ‎02-21-2020 12:52 PM

I am trying to configure a client as follows:

User is running Cisco VPN Client 4.0. They are behind a PIX 515E 6.1(4), and I need to connect to a VPN concentrator that is outside of our network. We use PAT for address translation. As far as I can tell, to allow 1 ipsec tunnel through the firewall, I need to upgrade the pix to 6.3 and enable 'fixup protocol esp-ike'

Is there another way to do this? I'm also curious how much easier/better this would work if we were dealing with pptp.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mostiguy
Level 6
Level 6

‎11-19-2003 05:40 AM

You don't necessarily have to have fixup protocol esp-ike enabled. Does the remote concentrator have NAT-T encapsulation enabled so that clients behind NAT can function?

View solution in original post

0 Helpful
2 Replies 2

Go to solution
mostiguy
Level 6
Level 6

‎11-19-2003 05:40 AM

You don't necessarily have to have fixup protocol esp-ike enabled. Does the remote concentrator have NAT-T encapsulation enabled so that clients behind NAT can function?

0 Helpful

Go to solution
benhanson
Level 1
Level 1
In response to mostiguy

‎11-19-2003 05:26 PM

That was it. Remote organization needed to enable IPSec over UDP in the group config, which I believe is what you're talking about. Thanks for the tip.

0 Helpful
Customers Also Viewed These Support Documents