Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Problem: VPN Behind PIX with NAT

I have a problem sending data with a W2K PC running Cisco VPN 3.5.1 from behind a PIX which is running NAT. If I am not wrong, the NAT on the PIX is incorrectly translating the IPSEC packets from the VPN Client (or something like that). What do I need to do to solve this?

1 REPLY
New Member

Re: Problem: VPN Behind PIX with NAT

The PIX isn't really incorrectly translation the packets. If you're using PAT, IPSec will fail because IPSec uses ESP and AH which are not TCP or UDP (IP ports 50 and 51, I believe).

All you should need to do to make it work is to make sure that the client has IPSec through NAT enabled and that the concentrator has IPSec over UDP or TCP enabled. In the negotiating process, they will select this method of transport.

Hope this helps.

79
Views
0
Helpful
1
Replies
CreatePlease to create content