04-28-2006 05:39 AM - edited 02-21-2020 02:23 PM
Is it possible to get IPsec to pass through my PIX from the inside to the outside? I am using a 525 with OS version 6.3 configured with PAT.
I've been doing some research that indicates this isn't possible. When the PIX does the PAT, it invalidates the IPsec encrypted packet.
04-28-2006 09:16 AM
nat-traversal
04-29-2006 02:00 AM
Are you initiating IPsec traffic from a device which is located behind the Inside interface of the PIX?
If that is the case, you need to have a couple of instructions on your PIX:
isakmp nat-traversal 20
sysopt connection permit-ipsec
You might also need to allow UDP 500, UDP 4500, port 50 and 51 in both directions.
Also, the device initiating the traffic needs to be NAT traversal aware.
Please rate if it helps.
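As an added example (not part of the original thread or any poster's code): once NAT traversal is active, IKE and ESP share UDP 4500, which is what lets the traffic survive PAT. This sketch classifies UDP 4500 payloads from a capture using the RFC 3948 framing, so you can confirm NAT-T actually kicked in; the function names and sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

NAT_T_PORT = 4500                 # UDP port shared by IKE and ESP under NAT-T
NON_ESP_MARKER = b"\x00" * 4      # prefix that marks an IKE message on 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")   # 28-byte ISAKMP/IKE header
ESP_HDR = struct.Struct("!II")           # SPI + sequence number

def classify_natt_payload(payload: bytes) -> dict:
    """Classify one UDP payload seen on port 4500 (RFC 3948 framing)."""
    if payload == b"\xff":
        # One-byte keepalive that holds the PAT translation open.
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HDR.size:
            return {"kind": "malformed"}
        _, _, _, version, exch, _, _, length = IKE_HDR.unpack(ike[:IKE_HDR.size])
        return {"kind": "ike", "version": f"{version >> 4}.{version & 0xF}",
                "exchange_type": exch, "length": length}
    if len(payload) < ESP_HDR.size:
        return {"kind": "malformed"}
    # Non-zero first four bytes: UDP-encapsulated ESP, starting with the SPI.
    spi, seq = ESP_HDR.unpack(payload[:ESP_HDR.size])
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}

def summarize(payloads) -> dict:
    """Count payload kinds, e.g. to verify ESP is flowing inside UDP."""
    return dict(Counter(classify_natt_payload(p)["kind"] for p in payloads))

# Constructed sample payloads (not taken from a real capture).
SAMPLE_PAYLOADS = [
    NON_ESP_MARKER + IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0, 28),
    b"\xff",
    ESP_HDR.pack(0x12345678, 1) + b"\xaa" * 16,
    b"\x00\x00",
]

if __name__ == "__main__":
    for p in SAMPLE_PAYLOADS:
        print(classify_natt_payload(p))
    print(summarize(SAMPLE_PAYLOADS))
```

If a capture taken behind the PIX shows only IKE on UDP 500 and no esp-in-udp payloads on 4500, NAT traversal was not negotiated.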
04-29-2006 10:40 AM
Yes I'm initiating IPsec traffic from a device which is located behind the Inside interface of the PIX.
The devices are usually PCs using some sort of VPN client.
Thanks for the information. I'll have to look up the nat-traversal command. I'm not sure if running PAT would make a difference. At least I have a direction to look at now.
04-29-2006 02:30 PM
Also, if your clients are using PPTP, then you need to create fixup protocol pptp 1723 to let that traffic traverse the PIX.
Haa .. please rate it if you think the info given helps!!!