Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Getting VPN to work through PAT

My pix 515e FW arrives tomorrow to complete a job and the current setup I was planning on doing will go like this. Router with a single IP address, NAT to inside port of router with a static router created for both directions, then Pix FW PAT on outside interface NAT to internal. I was planning on using the FW as the VPN server, and I keep hearing how IPSec doesnt like PAT. Am I going to have a major problem with the setup I was planning to implement? If I am where can I get good reference material to get the network up and running.

thanks Greg

3 REPLIES
VIP Purple

Re: Getting VPN to work through PAT

As long as the outside interface of the PIX is a public IP, and nothing is doing NAT/PAT between it and the Internet you wont have any grief.

All you end up doing is to create an Access list where you tell the PIX not to NAT VPN traffic.

New Member

Re: Getting VPN to work through PAT

Pix firewall does not support PAT connection to its VPN. Only the VPN concentrator can do this via UDP port 10000 by default.

New Member

Re: Getting VPN to work through PAT

If I'm a client behind pat I can vpn to a Pix. The limitation is that only the first client will work. I have 2 of these running right now.

118
Views
0
Helpful
3
Replies
CreatePlease to create content