Cisco Support Community
New Member

IPSEC Pass Through

Is it possible to get IPSEC to pass through my PIX from the inside to the outside? I am using a 525 with OS version 6.3 configured with PAT.

I've been doing some research that indicates this isn't possible. When the PIX does the PAT it invalidates the IPSEC encrypted packet.

4 REPLIES
New Member

Re: IPSEC Pass Through

nat-traversal

Re: IPSEC Pass Through

Are you initiating IPsec traffic from a device which is located behind the Inside interface of the PIX?

If that is the case you need to have a couple of instructions on your PIX:

isakmp nat-traversal 20

sysopt connection permit-ipsec

You might also need to allow UDP 500, UDP 4500, port 50 and 51 in both directions.

And also the device initiating the traffic needs to be NAT traversal aware.

Please rate if it helps.
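
As an added example (not part of the original reply and not Cisco code), this Python snippet labels packets the way IPsec appears on the wire with and without NAT traversal, following RFC 3948, so a capture taken on either side of the PAT device can be checked for whether the client actually negotiated NAT-T. The function names and the sample packets are constructed for illustration.

```python
IKE_PORT, NATT_PORT = 500, 4500          # UDP ports named in the reply above
NON_ESP_MARKER = b"\x00\x00\x00\x00"     # RFC 3948: prefixes IKE sent on UDP 4500

def classify(ip_proto, sport, dport, payload):
    """Label one packet by how IPsec traffic appears on the wire."""
    if ip_proto == 50:
        return "esp-native"              # IP protocol 50: no ports for PAT to rewrite
    if ip_proto == 51:
        return "ah-native"               # IP protocol 51
    if ip_proto != 17:
        return "other"
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"       # one-byte keepalive keeps the PAT entry alive
        if len(payload) < 8:
            return "malformed"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt"            # IKE moved from UDP 500 to UDP 4500
        return "esp-in-udp"              # first 4 bytes are a non-zero ESP SPI
    if IKE_PORT in (sport, dport):
        return "ike"
    return "other"

def uses_nat_traversal(packets):
    """True when the data traffic is UDP-encapsulated and no bare ESP/AH is seen."""
    labels = {classify(*p) for p in packets}
    return "esp-in-udp" in labels and not labels & {"esp-native", "ah-native"}

# Constructed sample packets: (ip_proto, src_port, dst_port, payload)
WITH_NATT = [
    (17, 500, 500, b"\x11" * 28),                       # initial IKE exchange
    (17, 4500, 4500, NON_ESP_MARKER + b"\x11" * 28),    # IKE after port float
    (17, 4500, 4500, b"\x00\x00\x12\x34" + b"\x00\x00\x00\x01" + b"\xaa" * 16),
    (17, 4500, 4500, b"\xff"),                          # NAT keepalive
]
WITHOUT_NATT = [
    (17, 500, 500, b"\x11" * 28),
    (50, 0, 0, b"\x00\x00\x12\x34" + b"\x00\x00\x00\x01" + b"\xaa" * 16),
]

if __name__ == "__main__":
    for name, pkts in (("with NAT-T", WITH_NATT), ("without NAT-T", WITHOUT_NATT)):
        print(name, [classify(*p) for p in pkts], uses_nat_traversal(pkts))
```
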

New Member

Re: IPSEC Pass Through

Yes I'm initiating IPsec traffic from a device which is located behind the Inside interface of the PIX.

The devices are usually PCs using some sort of VPN client.

Thanks for the information. I'll have to look up the nat-traversal command. I'm not sure if running PAT would make a difference. At least I have a direction to look at now.

Re: IPSEC Pass Through

Also if your clients are using PPTP then you need to create fixup protocol pptp 1723 to let that traffic traverse the PIX.

haa .. please rate it if you think the info given helps!
