New Member

transparent tunneling on cisco pix501


Is transparent tunneling enabled by default or do you have to configure it?

If I use TCP 10000, I only have to create 1 access-list to allow traffic in on that port, right?




Re: transparent tunneling on cisco pix501

PIX only uses NAT-T, which uses UDP 4500. You do not need to open a hole for it in your ACL if you use "sysopt connection permit-ipsec".

It is not enabled by default. You need to:

isakmp nat-traversal 20

20 is the time between keepalives

New Member

Re: transparent tunneling on cisco pix501

I have the following:

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

When a VPN client connection is made, it always says that transparent tunneling is inactive.


New Member

Re: transparent tunneling on cisco pix501

Have you tried the fixup for IKE? Try this:

fixup protocol esp-ike

That's on v. 6.3(1) and newer...

New Member

Re: transparent tunneling on cisco pix501

PAT for ESP cannot be enabled since ISAKMP is enabled. Please correct your configuration and re-issue the command!

That's what I got when I issued the fixup protocol esp-ike command. Using version 6.3(1).
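
Added example, not part of the thread or any poster's code: a small Python check over a PIX 6.3-style configuration for the points raised in the replies above (whether `isakmp nat-traversal` is present and with what keepalive, whether `sysopt connection permit-ipsec` is set, and the `fixup protocol esp-ike` / `isakmp enable` conflict reported in the error message). The function name `check_nat_t` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: a subset of the configuration lines posted in the thread.
SAMPLE_CONFIG = """\
sysopt connection permit-ipsec
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
"""


def check_nat_t(config: str) -> dict:
    """Summarise the NAT-T related settings discussed in the thread."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    result = {
        "nat_t_enabled": False,
        "keepalive_seconds": None,
        "permit_ipsec": "sysopt connection permit-ipsec" in lines,
        "isakmp_interfaces": [],
        "esp_ike_fixup": "fixup protocol esp-ike" in lines,
        "findings": [],
    }
    for ln in lines:
        # "no isakmp nat-traversal" does not match, so a negated line stays off.
        m = re.fullmatch(r"isakmp nat-traversal(?:\s+(\d+))?", ln)
        if m:
            result["nat_t_enabled"] = True
            result["keepalive_seconds"] = int(m.group(1)) if m.group(1) else None
        m = re.fullmatch(r"isakmp enable (\S+)", ln)
        if m:
            result["isakmp_interfaces"].append(m.group(1))
    if not result["nat_t_enabled"]:
        result["findings"].append("NAT-T is off: 'isakmp nat-traversal' is missing")
    if not result["permit_ipsec"]:
        result["findings"].append("'sysopt connection permit-ipsec' is missing")
    if result["esp_ike_fixup"] and result["isakmp_interfaces"]:
        # Mirrors the error quoted in the thread: the two cannot coexist.
        result["findings"].append("'fixup protocol esp-ike' conflicts with 'isakmp enable'")
    return result


if __name__ == "__main__":
    for key, value in check_nat_t(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```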

