Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

VPN Client 3.0 trough NAT

Hi, already configure my pix for vpn and it’s working but only when I connect trough a ISP that assign IP public addressing (Im using VPN Client 3.0 for clients and terminating the VPN in a PIX ) if I use a ISP that assign private addressing the VPN its not established unless I assign a Static Translation to the Client (in the case of ISP support Static translations) this its not possible in most of cases for remote users that are traveling, My question is if its possible to establish a IPSec Tunnel over IP private addressing without using “statics” to establish the VPN or if its possible to use other method available supported by Cisco VPN Client 3.0 that works with NAT or PAT, the idea of use VPN Client it because it the only application that run on MAC OS X and my customer require this support.

New Member

Re: VPN Client 3.0 trough NAT


The reason that this is happening is because IPSec uses ESP and AH, which are not TCP or UDP and hence don't have the port associations that TCP and UDP have. Thus, with many-to-one NAT (or PAT -- Port Address Translation), the ISP cannot keep a proper NAT translation.

On the Cisco VPN Concentrator, you can bypass this by allowing IPSec to ride UDP (I believe port 10000 by default). I don't know if there is a PIX equivalent.

New Member

Re: VPN Client 3.0 trough NAT

I 've been trying to use IPsec/UDP and IPsec/TCP with a 3.5 client and a 3005 concentrator. In my LAN I have a Microsoft Proxy and I am not able to establish the connection. Does everybody knows if there is a problem with this proxy server or the way it works that makes me impossible to establish the VPN? Thanks

CreatePlease to create content