11-18-2003 02:15 PM - edited 02-21-2020 12:52 PM
I am trying to configure a client as follows:
User is running Cisco VPN Client 4.0. They are behind a PIX 515E 6.1(4), and I need to connect to a VPN concentrator that is outside of our network. We use PAT for address translation. As far as I can tell, to allow 1 ipsec tunnel through the firewall, I need to upgrade the pix to 6.3 and enable 'fixup protocol esp-ike'
Is there another way to do this? I'm also curious how much easier/better this would work if we were dealing with pptp.
Solved! Go to Solution.
11-19-2003 05:40 AM
You don't necessarily have to have fixup protocol esp-ike enabled. Does the remote concentrator have NAT-T encapsulation enabled so that clients behind NAT can function?
11-19-2003 05:40 AM
You don't necessarily have to have fixup protocol esp-ike enabled. Does the remote concentrator have NAT-T encapsulation enabled so that clients behind NAT can function?
11-19-2003 05:26 PM
That was it. Remote organization needed to enable IPSec over UDP in the group config, which I believe is what you're talking about. Thanks for the tip.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide