Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Forcing NAT-T on Pix 6.3(1) to VPN 3015?

My provider seems to be filtering protocol 50 and I'm trying to get a VPN tunnel established between a Pix 501 running 6.3(1) and a VPN3015 running 4.0.1C

The ISAKMP SA comes up just fine and even negotiates the IPSec SA's, I just can't pass traffic.

This was working before they started blocking protocol 50 (damn Comcast cable internet provider)...

NAT-T won't come up because it doesn't believe that I'm going through nat (got a public address on each side...) is there any way to force NAT-T to negotiate so it encapsulates my traffic in UDP (port 4500?)

I really don't want to have to get a VPN3002 hardware client at home to have my site2site vpn running.


New Member

Re: Forcing NAT-T on Pix 6.3(1) to VPN 3015?

I guess you can at least ask your ISP to open 50 port, they may do it if you request