Cisco Support Community
New Member

Fixup protocol esp-ike and EZ-VPN server

I am using a PIX515E with 6.3 as an EZ-VPN server, so users use a Cisco VPN client for inbound connections into a private network.

At the same time, inside users want to use a VPN client for outbound IPSec connections. The problem is when PAT is used for outbound traffic.

I have found a fixup protocol esp-ike that supports one ESP tunnel through PAT in 6.3.

But there is a warning in the documentation: "when the PIX Firewall has this feature enabled, it cannot terminate VPN tunnels in relation to other IPSec peers".

Is this true / a problem even if IP addresses of PAT and EZ-VPN are different?

Cisco Employee

Re: Fixup protocol esp-ike and EZ-VPN server

Unfortunately yes, this is a limitation of the ESP through PAT feature at the moment. Hopefully it will be remedied in later releases, but at the moment the PIX can't terminate any tunnels with this feature enabled, regardless of IP address.
