I am really struggling to find a good document that fully explains what forms of VPN can and can't be achieved thru a NATT'D network. At present I am offering ISP services across my network that are NATT'D by a 7206VXR from our internet gateway, thru a PIX 525 and then via GigEthernet switch (6509) to the customers who are provisioned off a cat3500 series switch.
Any pointers woulld be most welcome! I have been told that IPSec will not work but am sceptical as to this generalisation!
There is no one solution that fits the bill, it would be depending on what you have as a vpn headend and where the nat device is. Here are some scenarios:
IOS rtrB ---nat device--sitevpn--IOS rtr A, this would work as long as you peer with the translated addr of B, and use only esp, if your nat device is an IOS doing pat then refer to the link I have provided before regarding how to pass ipsec tunnel through a router doing pat.
IOS rtr or PIX as VPN ---nat device---vpn client, this currently would not work as
IOS or the PIX doesn't support nat transparency as yet.
VPN 3000 ---nat device ---3002 client or Cisco software client, this would work because both client and VPN 3000 supports nat tranparency
Now if you use other software client like Microsoft for L2TP over IPSec, then it would break with NAT.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...