
IPSec Passthru on a PIX 501

My office recently purchased a PIX 501 firewall.

We administer 8 different PIX 501 firewalls at remote sites. I have installed PIX version 6.3(1) and PDM 3.0(1). I need to be able to VPN to these remote sites to assist with server maintenance, etc.

I enabled the Fix-up esp-ike and I am able to negotiate a VPN tunnel to all the sites. But I am not able to pass traffic thru the tunnel. I have read several other conversations that are similar to my problem but am not sure what to do.

Do I need to use the command isakmp nat-traversal on my firewall or the remote firewalls?

Is there an access list that I have to put into my firewall, and if so, what is it?

Any help would be greatly appreciated. Thanks.


Re: IPSec Passthru on a PIX 501

We can set up the PIX to pass most any type of traffic we want. We either need to create an access list or conduit that permits ESP traffic, e.g. conduit permit esp any any, or be sure that we have a translation for the inside traffic on its way out. We do that with either a static (inside,outside) statement, or nat (inside) 1 and global (outside) 1 statements.
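
A small checker for the settings discussed in this thread, added here as an example and not part of either post or of any Cisco tool: it scans PIX 6.3-style configuration text for an ESP permit (access list or conduit), a translation (static, or nat plus global), `fixup protocol esp-ike` and `isakmp nat-traversal`. The sample configuration, the ACL name, the report keys and the assumption that the interfaces are named inside and outside are all constructed for illustration.

```python
import re

# Constructed sample config in PIX 6.3-style syntax (not taken from the thread).
SAMPLE_CONFIG = """\
fixup protocol esp-ike
access-list outside_in permit esp any any
access-group outside_in in interface outside
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
"""

def audit_esp_passthrough(config: str) -> dict:
    """Report which passthrough settings named in the thread appear in a config."""
    acls = {}      # ACL name -> ESP permit entries found under that name
    bound = set()  # ACL names applied inbound on the outside interface
    conduits, nat_ids, global_ids = [], set(), set()
    has_static = fixup = natt = False
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"access-list (\S+) permit esp (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"access-group (\S+) in interface outside$", line):
            bound.add(m.group(1))
        elif m := re.match(r"conduit permit esp (.+)", line):
            conduits.append(m.group(1))
        elif m := re.match(r"nat \(inside\) ?(\d+) ", line):
            nat_ids.add(m.group(1))
        elif m := re.match(r"global \(outside\) ?(\d+) ", line):
            global_ids.add(m.group(1))
        elif line.startswith("static (inside,outside) "):
            has_static = True
        elif line == "fixup protocol esp-ike":
            fixup = True
        elif line.startswith("isakmp nat-traversal"):
            natt = True
    # An access list only takes effect once an access-group binds it.
    esp_rules = conduits + [r for name in bound for r in acls.get(name, [])]
    return {
        "esp_permitted": bool(esp_rules),
        "esp_any_any": "any any" in esp_rules,  # ESP open to every source and destination
        "translation": has_static or bool(nat_ids & global_ids),
        "fixup_esp_ike": fixup,
        "nat_traversal": natt,
        "unbound_esp_acls": sorted(set(acls) - bound),
    }
```

The `esp_any_any` and `unbound_esp_acls` fields flag two things worth a second look in review: an ESP permit that is not limited to known peers, and an access list that was written but never applied to the interface.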
