Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
663
Views
0
Helpful
3
Replies

PIX (FOS 6.3) Nat traversal for VPN?

0r8it
Level 1
Level 1

‎01-20-2006 05:06 AM - edited ‎02-21-2020 02:12 PM

Hi there- anyone have a sample config for Nat traversal on a PIX (501) running 6.3?

Sadly, I only have a single public IP, used by my router, and the ISP doesn't support PPPoE. So, my layout looks like this:

(ISP)---(Router)--(PIX)--LAN

As a result, I'm having to do RFC NAT on both the router and the PIX, and this is causing problems with terminating a PPTP (Windows) VPN on the PIX.

Anyone have a sample config that would help with this?

Cheers!

Labels:
0 Helpful
3 Replies 3

monkeyboy
Level 1
Level 1

‎01-20-2006 06:49 AM

...just put this in your usual vpn config:

isakmp nat-traversal 20

this encapsulates ipsec into udp port 4500

...if it's a site-to-site vpn make sure it's on both pixes

0 Helpful

0r8it
Level 1
Level 1
In response to monkeyboy

‎01-21-2006 02:07 AM

Cheers Monkeyboy, I'll try this out as soon as I can.

Interesting command- I wonder what the "20" denotes?

Thanks

0 Helpful

0r8it
Level 1
Level 1
In response to 0r8it

‎01-21-2006 02:29 AM

Just found out- 20 is a timer.

0 Helpful
Customers Also Viewed These Support Documents