New Member

VPN Client 3.5.1 to Pix 506e using IPsec over TCP

Is it possible to do this when there is a device in the path of the VPN tunnel that will do static NAT?

The reason for this is that the Pix's external interface will have a private address and this is the end point of the tunnel. The device doing NAT has a public address which the VPN client will think is the end of the tunnel; the static NAT will translate incoming packets on UDP port 500 to have a destination of the Pix.

Thanks.

Accepted Solutions
Silver

Re: VPN Client 3.5.1 to Pix 506e using IPsec over TCP

The Pix cannot do TCP encapsulation. It can only do UDP encapsulation.

You can create IPSec tunnels to the Pix's outside address even if that address is NATted, provided it is NAT and NOT PAT.

Anonymous
N/A

Re: VPN Client 3.5.1 to Pix 506e using IPsec over TCP

Thanks, I read somewhere that TCP is better if you have multiple concurrent VPN tunnels terminating on the PIX.

Do I take it that using concurrent tunnels with this PIX using UDP is not recommended?
