
IPSec Passthru on a PIX 501

cdrscott
Level 1

My office recently purchased a PIX 501 firewall.

We administer 8 different PIX 501 firewalls at remote sites. I have installed PIX version 6.3(1) and PDM 3.0(1). I need to be able to VPN to these remote sites to assist with server maintenance, etc.

I enabled the Fix-up esp-ike and I am able to negotiate a VPN tunnel to all the sites. But I am not able to pass traffic thru the tunnel. I have read several other conversations that are similar to my problem but am not sure what to do.

Do I need to use the command isakmp nat-traversal on my firewall or the remote firewalls?

Is there an access list that I have to put into my firewall, and if so, what is it?

Any help would be greatly appreciated, thanks.

1 Reply

jsivulka
Level 5

We can set up the PIX to pass most any type of traffic we want. We either need to create an access list or conduit that permits ESP traffic, ex. `conduit permit esp any any`, or be sure that we have a translation for the inside traffic on its way out. We do that with either a `static (inside,outside)` statement, or `nat (inside) 1` and `global (outside) 1` statements.
