Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
373
Views
0
Helpful
1
Replies

Use Static PAt to pass IPSEC ESP through Pix

jgiacobbe
Level 1
Level 1

‎04-26-2006 06:40 AM - edited ‎02-21-2020 02:23 PM

I am trying to pass a vpn through a pix firewall using pat. I have found examples using NAT but don't have a free public IP to use. I have found examples for how to do this in IOS but not the PIX.

Looking for PIX equivilent to these IOS commands.

ip nat inside source static esp <internal IP> <external IP>

ip nat inside source static udp <internal IP> <external IP> 500

I can do the second command easily but cannot find the right syntax for the command to forward esp.

Labels:
0 Helpful
1 Reply 1

jgiacobbe
Level 1
Level 1

‎04-26-2006 07:00 AM

Sorry guys figured it out myself. I need to use NAT-T to encapsulate the esp packets as UDP 4500 and use pat to forward those packets.

See http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094ecd.shtml#t5

For a configuration example. After actualy reading the entire article it made sense.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents