IPSEC Pass Through

rolandshum
Level 1

Is it possible to get IPSEC to pass through my Pix from the inside to the outside? I am using a 525 with OS version 6.3 configured with PAT.

I've been doing some research that indicates this isn't possible. When the Pix does the PAT it invalidates the IPSEC encrypted packet.


froggy3132000
Level 3

nat-traversal

Fernando_Meza
Level 7

Are you initiating IPsec traffic from a device which is located behind the Inside interface of the PIX?

If that is the case you need to have a couple of instructions on your PIX:

isakmp nat-traversal 20

sysopt connection permit-ipsec

You might also need to allow UDP 500, UDP 4500, port 50 and 51 in both directions.

And also the device initiating the traffic needs to be NAT traversal aware.

Please rate if it helps.
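
An added example, not part of the thread or any poster's code: a small Python classifier for checking a capture taken on either side of the firewall, showing which IPsec packet forms carry UDP ports that PAT can translate (IKE on UDP 500, NAT-T on UDP 4500) and which do not (native ESP and AH, IP protocols 50 and 51). The function names and sample packets are constructed for illustration; the NAT-T payload layout follows RFC 3948.

```python
import socket
import struct

PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
IKE_PORT, NATT_PORT = 500, 4500

def classify(packet: bytes) -> str:
    """Say how one raw IPv4 packet carries IPsec, as seen at the firewall."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if proto == PROTO_ESP:
        return "esp-native"          # IP protocol 50: no ports for PAT to rewrite
    if proto == PROTO_AH:
        return "ah-native"           # IP protocol 51: ICV covers the IP addresses
    if proto != PROTO_UDP or len(packet) < ihl + 8:
        return "other"
    sport, dport, ulen = struct.unpack_from("!HHH", packet, ihl)
    payload = packet[ihl + 8 : ihl + ulen]
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "natt-keepalive"  # one-byte keepalive holds the PAT entry open
        if payload[:4] == b"\x00" * 4:
            return "natt-ike"        # non-ESP marker, then the IKE header
        if len(payload) >= 8:
            return "natt-esp"        # starts with a non-zero SPI
        return "other"
    return "ike" if IKE_PORT in (sport, dport) else "other"

def pat_friendly(kind: str) -> bool:
    """True when the packet has UDP ports a PAT device can translate."""
    return kind in {"ike", "natt-ike", "natt-esp", "natt-keepalive"}

# Constructed sample packets: checksums left at 0, documentation addresses.
def ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10")) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

ESP_BODY = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16   # SPI, sequence, filler
SAMPLES = {
    "esp-native": ipv4(PROTO_ESP, ESP_BODY),
    "ah-native": ipv4(PROTO_AH, b"\x00" * 24),
    "ike": ipv4(PROTO_UDP, udp(500, 500, b"\x11" * 28)),
    "natt-ike": ipv4(PROTO_UDP, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "natt-esp": ipv4(PROTO_UDP, udp(4500, 4500, ESP_BODY)),
    "natt-keepalive": ipv4(PROTO_UDP, udp(4500, 4500, b"\xff")),
}
```

If a client behind PAT negotiates on UDP 500 and the capture then shows only `esp-native` packets, the client did not switch to NAT-T encapsulation.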

Yes I'm initiating IPsec traffic from a device which is located behind the Inside interface of the PIX.

The devices are usually PCs using some sort of VPN client.

Thanks for the information. I'll have to look up the nat-traversal command. I'm not sure if running PAT would make a difference. At least I have a direction to look at now.

Also if your clients are using PPTP then you need to create fixup protocol pptp 1723 to let that traffic traverse the PIX.

Haa .. please rate it if you think the info being given helps!