Re: NAT Traversal of PIX501

e.l · ‎11-12-2002

Dear All,

Question regarding PIX501 NAT Traversal. The following is the network diagram.

VPN3000-----Internet----ISDN Network-------NAT router-----PIX501

- VPN Tunneling between VPN3000 and PIX501 . PIX501 configured as hardware client.

- NAT router doing PAT for PIX501 Outside interface`s network. PAT address is the public IP address assigned from ISDN Provider.

I am aware that the PIX501 is able to create a VPN tunnel if the NAT router (Cisco 827) is configured using "IPSec passthrough". Already tested and it worked.

My question is , are there another ways other than "IPSec passthrough" for PIX501 NAT traversal solution ?

Appreciate for any reply

Best Regards,

Engel

edadios · ‎11-13-2002

there is no configuration on the router or pix for nat transparency or tcp transparency as a client.

Regards,

e.l · ‎11-14-2002

Hi Dadios,

Thanks for your reply. As you pointing at, I am thinking of the following solutions for NAT traversal of PIX501:

1. IPSec Passthrough (tested)

2. IPSec over UDP ( not implemented, according to your post)

3. IPSec over TCP ( not implemented, according to your post).

Regarding number 2 and 3, do you have information that the two solutions above are in the roadmap of PIX development ?

Appreciate for any info.

Best Regards,

Engel

edadios · ‎11-14-2002

For information on question 2 and 3, it would be best to contact your account manager or sales.

Regards,