
New Member

Requirements for nat-traversal in pix

Hi,

What are the requirements for using the "isakmp nat-traversal" command in pix software 6.3.3?

Some pointers:

- Is it necessary to use EasyVPN, or can one use the traditional method?

- Is it necessary to use "isakmp identity hostname", or does it not matter and one can use "isakmp identity address"?

- Can pre-shared keys be used?

- Anything else considered important...

Thanks in advance,

2 REPLIES
Silver

Re: Requirements for nat-traversal in pix

To answer one of your questions, pre-shared keys can be used....

New Member

Re: Requirements for nat-traversal in pix

Thanks for your answer.

Well, here is my auto-answer to all my questions after the fight:

- It's not necessary to use EasyVPN

A nice document showing that nat-traversal is vendor independent:

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-reqts-06.txt

- It's not necessary to use identity hostname

- Pre-shared keys can be used

- Anything else important: do not redirect traffic on the outside interface of a pix using the same IP address that you use for IPSec or you'll have problems. I ended up using one IP of a range for the pix and IPSec and another IP for DMZ hosts.

Luck to all,

chabral
