Cisco Support Community
Community Member

vpn 3000 Concentrator and ADSL client

I have a vpn 3030 concentrator .My client maybe connect the concentrator through adsl. I want to know whether the client should has a public ip address or can use private ip address through pat or nat to connect the internet?

Cisco Employee

Re: vpn 3000 Concentrator and ADSL client

They could have either.

If they use a public address, then it is a normal connection. If it is using a private addr, and then

there is a device doing nat or pat, then you could use IPSec thru UDP or IPSec thru TCP, designed to deal with this kind of scenarios. IPSec thru UDP is a group attribute on the 3000, while the TCP is a global attribute. Both should be enabled on the client properties, depending which method would be used. See materials on:

Community Member

Re: vpn 3000 Concentrator and ADSL client

I have a question about this feature. If I read the IETF RFC, and specially this one, it looks that IPSec over UDP is not just to add a UDP field, but also to disable the IKE Proxy ID Check (IKE Phase 2) or changing the IKE selector to match the one on the IP header. Am I wrong? Could you help me to understand?



CreatePlease to create content