Cisco Support Community

nat traversal broken after upgrade to 7.04

We had nat traversal working just fine on our PIX 515E bundle running ver 6.3.4.

Allowing ah, esp, isakmp, udp port 500 in.

nat traversal enabled. sysopt permit-ipsec.

Users behind the pix can establish vpn connections, but traffic does not pass. Users can establish vpn & pass traffic just fine when they are in front of the pix. The users connect to various vpn devices that we have no control or access to.

Accepted Solutions
Community Member

Re: nat traversal broken after upgrade to 7.04

Hey Eric,

If I understand, the error occurs only for users behind your pix since an upgrade to 704?

Check if the following statements are present in your pix config:

isakmp nat-traversal 20

isakmp ipsec-over-tcp port 10000

isakmp enable outside

Also the error may occur because of some missing access-list for users behind the pix.

HTH

Mike
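
The check suggested in the reply above can be run against a saved configuration. This is an added example, not part of the original post or Cisco's tooling; the function name `audit_isakmp`, the returned field names, the sample configs and the tolerance for a `crypto ` prefix are assumptions made for illustration.

```python
import re

# Matches "isakmp ..." lines, with an optional leading "no". The optional
# "crypto " prefix is an assumption to tolerate configs from later releases.
ISAKMP = re.compile(r"^(no\s+)?(?:crypto\s+)?isakmp\s+(.+)$")

def audit_isakmp(config_text, interface="outside"):
    """Report which isakmp statements named in the reply are in effect."""
    natt, keepalive, tcp_ports, enabled_on = False, None, [], set()
    for raw in config_text.splitlines():
        m = ISAKMP.match(raw.strip())
        if not m:
            continue  # comments and unrelated lines
        negated, words = bool(m.group(1)), m.group(2).split()
        if words[0] == "nat-traversal":
            natt = not negated
            has_value = natt and len(words) > 1 and words[1].isdigit()
            keepalive = int(words[1]) if has_value else None
        elif words[0] == "ipsec-over-tcp":
            tcp_ports = [] if negated else [int(w) for w in words[1:] if w.isdigit()]
        elif words[0] == "enable" and len(words) > 1:
            (enabled_on.discard if negated else enabled_on.add)(words[1])
    # ipsec-over-tcp is reported but not required: the thread's clients used
    # UDP transport, and only the enable statement was missing.
    missing = []
    if not natt:
        missing.append("isakmp nat-traversal")
    if interface not in enabled_on:
        missing.append(f"isakmp enable {interface}")
    return {"nat_traversal_keepalive": keepalive, "ipsec_over_tcp_ports": tcp_ports,
            "isakmp_enabled_on": sorted(enabled_on), "missing": missing}

# Constructed sample configs (not the poster's actual configuration).
BEFORE = """\
: constructed sample
isakmp policy 10 encryption 3des
isakmp nat-traversal 20
"""
AFTER = BEFORE + "isakmp enable outside\n"

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_isakmp(cfg))
```
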


Re: nat traversal broken after upgrade to 7.04

Thanks,

I didn't have the last two lines:

isakmp ipsec-over-tcp port 10000

isakmp enable outside

I'll try it when I get back to work in the am

Re: nat traversal broken after upgrade to 7.04

the isakmp enable outside did the trick

had the nat-traversal in there already

and we are using the udp transport
