When I try to use my VPN Client to connect to my office from a LAN (in this case a hotel) that uses a PIX 501 as their firewall, it doesn't work at all (peer not responding, although Internet access does work).
If I connect directly to the hotel's ADSL router, VPN works great.
Seems that the hotel's PIX blocks VPN traffic. What should I change in their PIX config to allow guests to use their laptops' VPN clients?
You are probably running into an IPSEC through NAT issue where the PIX is doing the NATing. Are you terminating to a VPN concentrator? If so, you can do TCP over IPSEC/NAT transparency etc. to get over these issues. If you are using a router or PIX to terminate your VPN clients then you should just use the ADSL connection for now, as they do not have those features yet.
I am running into the same issue with a SOHO. I cannot pass traffic through to a VPN Concentrator (Nortel Contivity 1000). Could you please tell me, or point me to a tech note that explains IPSEC/NAT transparency? Your help is greatly appreciated.
The PIX doesn't yet support IPSEC passthrough, unlike cheaper products from Linksys et al. I understand it is something being addressed for a future version of software. As the above message says, there is a work-around if you are using a VPN concentrator, but if you are doing standards-based IPSEC to a router or to another manufacturer's box (Contivity) then you are stuck for the moment.
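
Added illustration, not part of any post in this thread: a simplified model of why raw ESP cannot cross a port-translating firewall while UDP-encapsulated ESP can. It goes beyond the thread by using the standardized UDP encapsulation on port 4500 (RFC 3948); `PortNat`, the addresses and the SPI are constructed for the example and do not reproduce the PIX's actual behaviour.

```python
import socket
import struct

PROTO_UDP, PROTO_ESP = 17, 50   # IP protocol numbers
NAT_T_PORT = 4500               # UDP-encapsulated ESP (RFC 3948)

def ipv4_packet(proto, src, dst, payload):
    """Minimal IPv4 header (checksum left at 0 for brevity) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def esp(spi, seq, ciphertext=b"\x00" * 16):
    """ESP starts with a 32-bit SPI and sequence number; it has no ports."""
    return struct.pack("!II", spi, seq) + ciphertext

def udp(sport, dport, payload):
    """UDP header (checksum 0) wrapped around the payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

class PortNat:
    """Hypothetical port translator: a flow needs a source port to get a mapping."""
    def __init__(self, public_ip):
        self.public_ip, self.next_port, self.table = public_ip, 20000, {}

    def outbound(self, packet):
        ihl = (packet[0] & 0x0F) * 4
        if packet[9] != PROTO_UDP:      # this model translates UDP only
            return None                 # raw ESP: no port field to rewrite
        src = socket.inet_ntoa(packet[12:16])
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        public_port = self.table.setdefault((src, sport), self.next_port)
        if public_port == self.next_port:
            self.next_port += 1
        return (self.public_ip, public_port, dport)

def demo():
    """Two guests (constructed addresses) reach the same VPN gateway."""
    nat, gateway, results = PortNat("203.0.113.10"), "198.51.100.1", {}
    for host in ("192.168.1.20", "192.168.1.21"):
        raw = ipv4_packet(PROTO_ESP, host, gateway, esp(0x1000, 1))
        wrapped = ipv4_packet(PROTO_UDP, host, gateway,
                              udp(NAT_T_PORT, NAT_T_PORT, esp(0x1000, 1)))
        results[host] = (nat.outbound(raw), nat.outbound(wrapped))
    return results

if __name__ == "__main__":
    for host, (raw, wrapped) in demo().items():
        print(host, "raw ESP ->", raw, "| UDP-encapsulated ->", wrapped)
```

Both guests' raw ESP packets come back untranslated, while their UDP-wrapped packets get distinct public source ports, which is what lets the return traffic be told apart.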