Cisco Support Community
New Member

Remote Access VPN Client through NAT

I currently have a PIX506e configured to provide remote VPN access to Cisco VPN Clients. A single client is able to connect successfully and have the intended network access. However, as soon as I connect an additional client to the firewall from the same location (both addresses are NATed as the same address), both tunnels will stop working or one will not be able to connect.

Is the problem I'm experiencing because both of the clients have the same public address after NAT, or is it something else? Is there a way to work around this?

Accepted Solutions
Bronze

Re: Remote Access VPN Client through NAT

Hi,

Many to one NAT won't work if you are using ESP.

The solution for this is to enable NAT-T on PIX as well as the VPN client.

On PIX:

The following command enables NAT-T (For codes later than 6.3)

isakmp nat-traversal

On VPN Client:

On Transport Tab, check the 'Enable Transport Tunneling' Tab & select 'IPSec over UDP (NAT/PAT)'

HTH

Regards,

Shijo George.
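
Why the accepted answer holds, as an added example that is not part of the original post or Cisco's code: a simplified Python model of a many-to-one NAT device, in which two clients sending native ESP (IP protocol 50, no ports) collapse onto one translation entry while the same traffic wrapped in UDP gets one entry per client. The addresses, the `Pat` class and the use of UDP port 4500 (the standard NAT-T port from RFC 3948) are assumptions of the model; real NAT devices differ in detail.

```python
# Simplified model of a many-to-one NAT (PAT) device. Constructed example:
# addresses are documentation ranges and the Pat class is hypothetical.
ESP, UDP = 50, 17          # IP protocol numbers
NAT_T_PORT = 4500          # standard NAT-T UDP port (RFC 3948), assumed here


class Pat:
    def __init__(self):
        self.next_port = 20000
        self.out = {}      # inside flow -> public-side key
        self.back = {}     # public-side key -> inside host

    def outbound(self, proto, src_ip, src_port, dst_ip):
        """Translate an inside->outside packet; return the public-side key."""
        flow = (proto, src_ip, src_port, dst_ip)
        if flow not in self.out:
            if proto == UDP:
                # Ports exist, so each inside flow gets its own public port.
                key = (UDP, dst_ip, self.next_port)
                self.next_port += 1
            else:
                # ESP has no ports: only protocol and peer identify the flow.
                key = (proto, dst_ip, None)
            self.out[flow] = key
            self.back[key] = (src_ip, src_port)  # a later flow overwrites
        return self.out[flow]

    def inbound(self, key):
        """Return the inside host that a reply with this key is sent to."""
        return self.back.get(key)


def reachable_clients(proto, src_port):
    """Two inside clients talk to one gateway; return who receives replies."""
    pat = Pat()
    gateway = "198.51.100.1"
    clients = ["192.168.1.10", "192.168.1.11"]
    keys = [pat.outbound(proto, c, src_port, gateway) for c in clients]
    return sorted({pat.inbound(k)[0] for k in keys})


if __name__ == "__main__":
    print("native ESP      :", reachable_clients(ESP, None))
    print("ESP in UDP/4500 :", reachable_clients(UDP, NAT_T_PORT))
```

In the native ESP case only the client that connected last still receives return traffic, which matches the symptom in the question.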

New Member

Re: Remote Access VPN Client through NAT

Thanks for your help. I didn't realize there was a separate nat-traversal command for isakmp. My problem is resolved.
