PIX 6.3 Nat-traversal won't work, except to another 6.3 PIX
A client has a PIX 515UR I just upgraded to 6.3 to use isakmp nat-traversal. Off one of the DMZ ports hangs a Cisco BBSM server, behind which serves the resort's wireless hotspots. Resort attendees need to VPN back to wherever through the PIX, which is already terminating some client VPN sessions from the outside that use Cisco's VPN client so it was already successfully configured for inbound IPSec.
Adding the isakmp nat-traversal command has not helped. You still get the remote peer not responding. What is interesting is if you upgrade the target PIX at the other end to 6.3 AND enable isakmp nat-traversal on it, everything works great. A couple of my other clients hd PIX's already running 6.3, so I was able to use them for experimentation. 6.3 by itself doesn't do it.
This doesn't help me much as who knows what type of VPN termination the hotspot users have. Even if a PIX, you obviously can count on it having 6.3 and the option enabled. What is the deal? What am I missing? Is it a case that Cisco is the last to support this and clients should be fine if they're terminating on most other vendor's equipment? We opened a TAC case yesterday but the engineer never responded or was reachable.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :