02-06-2006 06:59 AM - edited 03-09-2019 01:51 PM
We had nat traversal working just fine on our PIX 515E bundle running ver 6.3.4.
Allowing ah, esp, isakmp, udp port 500 in.
nat traversal enabled. sysopt permit-ipsec.
Users behind the pix can establish vpn connections, but traffic does not pass. Users can establish vpn & pass traffic just fine when they are in front of the pix. The users connect to various vpn devices that we have no control or access to.
02-06-2006 12:40 PM
Hey Eric,
If I understand, the error occurs only for users behind your pix since an upgrade to 704?
Check if the following statements are present in your pix config:
isakmp nat-traversal 20
isakmp ipsec-over-tcp port 10000
isakmp enable outside
Also the error may occur because of some missing access-list for users behind the pix.
HTH
Mike
02-06-2006 03:38 PM
Thanks,
I didn't have the last two lines:
isakmp ipsec-over-tcp port 10000
isakmp enable outside
I'll try it when I get back to work in the am
02-07-2006 06:36 AM
the isakmp enable outside did the trick
had the nat-traversal in there already
and we are using the udp transport