Between the pix and the cisco router. Using pre-share, 3des, sha and nat-T.
router 1 performs Nat over every single address which comes from the Pix. AND it performs Nat over the Pix's address. When a tunnel starts IKE, the cisco either say "Error no pre-share key for Ip2 "(the only global address of TGI)
or if we configure it to accept ip2 as a peer, we got a mismatch in the IKE generated keys : The pix uses Ip1 and Ip4 for Diffie-Hellmann's algorithm and the cisco router Ip4 and Ip2.
We don't have that kind of problem with another Vpn we made between the pix and the netscreen.
Is there a magical configuration of one or another material (and we can't change what Router1 is doing) to make it work?
The client was filtering some Ipsec ports (sigh). But still, If the Vpn works, we can't connect the inside network : we can send and receive encrypted data but the client can only send and receives nothing.
And I have seen the Nat 0 problem long ago and configured it well.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...