The Linksys VPN router is making the connection to the Cisco PIX. A tunnel does get established but no information is passing through. The Nokia 330 is a third party. They use NAT and are providing me with a private address inside. They also assigned me a public address on the outside of the Nokia box too. Just by forwarding anything that comes to the outside of the Nokia box to the inside, should I still be able to establish a working and functional IPsec tunnel? A tunnel is created, but I am unable to ping the other side of the PIX 506E.
As long as the Nokia has a static one-to-one mapping for the PIX address, and the LinkSys has that NAT'd address as its IPSec peer, AND you're only doing ESP and not AH, then you should be fine.
Is the Nokia doing any firewalling at all? Make sure you're allowing UDP port 500 (ISAKMP) and IP Protocol 50 (ESP) through it. Remember that the tunnel is built with ISAKMP packets, so they're obviously getting through OK, but then all data is sent in ESP packets, so they may be being blocked somewhere.
Have you also made sure the encrypted packets are NOT NAT'd by the PIX with a "nat (inside) 0 ..." statement that matches your crypto ACL traffic?
Are you able to check the stats on both the LinkSys and the PIX after you do a ping and see if either device is sending and/or receiving encrypted packets? Use the "sho cry ipsec sa" command on the PIX and look at the packets encap and decap counters. Don't know what the corresponding command is on the LinkSys but it should have something similar. This should give you an indication of where the fault lies.
And last but definitely not least, keep in mind that you won't be able to ping the inside interface of the PIX over the tunnel. You can't ping a PIX interface address when you come in over another interface, even over a VPN. You'll have to try pinging a host behind the PIX to test this properly, but make sure that host has a default route pointing to the PIX inside interface.
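The counter check suggested in the reply above can be scripted. This is an added example, not part of the original thread: the sample output is constructed (documentation addresses, hypothetical crypto map name), and the function names and hint wording are assumptions that restate the checks from the reply.

```python
import re

# Constructed sample of PIX "show crypto ipsec sa" output; not from the thread.
SAMPLE = """\
interface: outside
    Crypto map tag: vpnmap, local addr. 203.0.113.10
   local  ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)
   current_peer: 198.51.100.20
    #pkts encaps: 12, #pkts encrypt: 12, #pkts digest 12
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
"""

PEER = re.compile(r"current_peer:\s*(\S+)")
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

HINTS = {
    "send-only": "PIX sends ESP but receives none: check that IP protocol 50 "
                 "is allowed through the Nokia and compare the peer's counters.",
    "recv-only": "PIX receives ESP but replies are not encrypted: check the "
                 "'nat (inside) 0' match and the inside host's default route.",
    "idle": "No packets matched this SA: send test traffic to a host behind "
            "the PIX and check whether ESP reaches the PIX at all.",
    "both": "Packets are being encrypted and decrypted in both directions.",
}

def parse_sa_counters(text):
    """Return {peer: {"encaps": n, "decaps": n}}, summed over that peer's SAs."""
    result, peer = {}, None
    for line in text.splitlines():
        m = PEER.search(line)
        if m:
            peer = m.group(1).split(":")[0]  # drop a trailing ":port" if shown
            result.setdefault(peer, {"encaps": 0, "decaps": 0})
        elif peer:
            for name, value in COUNTER.findall(line):
                result[peer][name] += int(value)
    return result

def diagnose(encaps, decaps):
    """Classify one SA by which direction carries encrypted packets."""
    if encaps and decaps:
        return "both"
    if encaps:
        return "send-only"
    return "recv-only" if decaps else "idle"

if __name__ == "__main__":
    for peer, c in parse_sa_counters(SAMPLE).items():
        print(peer, c, HINTS[diagnose(c["encaps"], c["decaps"])])
```

Run it against the output captured right after a test ping, and compare with the same counters on the Linksys side.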