Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX, VPN, PAT and Statics

I want to enable both incoming and outgoing VPN connections on a PIX configured with PAT. I have enabled ESP and UDP/500 on the appropriate access lists, but need to provide a static for the inbound traffic. I already utilise a static for inbound SMTP traffic and I can see how to do the same for udp/500 but how do I do this for the ESP traffic?

Any suggestions gratefully rcvd.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PIX, VPN, PAT and Statics

If you're referring to port statics, you can't create one for ESP since port statics can only be created for TCP/UDP and ESP sits right on top of IP, it is NOT a TCP/UDP protocol. You'll have to create a one-to-one static for this internal VPN server and have your clients connect to that address. This will chew up another global IP address, sorry.

1 REPLY
Cisco Employee

Re: PIX, VPN, PAT and Statics

If you're referring to port statics, you can't create one for ESP since port statics can only be created for TCP/UDP and ESP sits right on top of IP, it is NOT a TCP/UDP protocol. You'll have to create a one-to-one static for this internal VPN server and have your clients connect to that address. This will chew up another global IP address, sorry.

83
Views
0
Helpful
1
Replies