Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX (FOS 6.3) Nat traversal for VPN?

Hi there- anyone have a sample config for Nat traversal on a PIX (501) running 6.3?

Sadly, I only have a single public IP, used by my router, and the ISP doesn't support PPPoE. So, my layout looks like this:

(ISP)---(Router)--(PIX)--LAN

As a result, I'm having to do RFC NAT on both the router and the PIX, and this is causing problems with terminating a PPTP (Windows) VPN on the PIX.

Anyone have a sample config that would help with this?

Cheers!

3 REPLIES
New Member

Re: PIX (FOS 6.3) Nat traversal for VPN?

...just put this in your usual vpn config:

isakmp nat-traversal 20

this encapsulates ipsec into udp port 4500

...if it's a site-to-site vpn make sure it's on both pixes

New Member

Re: PIX (FOS 6.3) Nat traversal for VPN?

Cheers Monkeyboy, I'll try this out as soon as I can.

Interesting command- I wonder what the "20" denotes?

Thanks

New Member

Re: PIX (FOS 6.3) Nat traversal for VPN?

Just found out- 20 is a timer.

454
Views
0
Helpful
3
Replies
CreatePlease login to create content