My provider seems to be filtering protocol 50 and I'm trying to get a VPN tunnel established between a Pix 501 running 6.3(1) and a VPN3015 running 4.0.1C
The ISAKMP SA comes up just fine and even negotiates the IPSec SA's, I just can't pass traffic.
This was working before they started blocking protocol 50 (damn Comcast cable internet provider)...
NAT-T won't come up because it doesn't believe that I'm going through nat (got a public address on each side...) is there any way to force NAT-T to negotiate so it encapsulates my traffic in UDP (port 4500?)
I really don't want to have to get a VPN3002 hardware client at home to have my site2site vpn running.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...