Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NAT Traversal of PIX501 with EzVPN configuration

Dear All,

The diagram as below:

Net1---PIX501---Router1---ISDN Network---Router2---VPN3000---Net2

1. Router1 is NATting the ip address of PIX501`s outside interface with

its public IP address assigned by the router2.

2. PIX501 configured with "Network Extension Mode" and acting as a

hardware client (EzVPN) to the VPN3000.

Does the above configuration possible ?

Appreciate for any help

Regards,

Engel

2 REPLIES
New Member

Re: NAT Traversal of PIX501 with EzVPN configuration

The above diagram should work. Here is a Url that will help with the configuration.

http://www.cisco.com/warp/public/110/pix-ios-easyvpn.html#configure

New Member

Re: NAT Traversal of PIX501 with EzVPN configuration

Thanks for the link. We found no problem with the diagram in the link. But if the PIX501 is behind a NAT device, then it couldn`t terminate the VPN tunnel to the Concentrator. If we are using VPN3002 (hardware client of VPN3000 series) , "IPSec over UDP" or "IPSec over TCP" will make it able to pass the ESP packet through the NAT device. I think , this feature is not available in PIX501. Would like to see if anyone has a workaround.

Regards,

Engel

122
Views
4
Helpful
2
Replies
CreatePlease to create content