Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Client behind a PIX Firewall

i have a vpn concentrator with several clients, but a this time i have a client behind a pix firewall, and the client creates the tunnel, but i can´t acces any of my inside address.

Any tips.


Cisco Employee

Re: VPN Client behind a PIX Firewall

You need to enable ipsec thru nat on the concentrator, under the group settings IPSec tab, mode config section (check mode config too), and also on the client. See:

New Member

Re: VPN Client behind a PIX Firewall

If you are trying to VPN through a PIX, you may encounter one of two problems. If you have a single PAT address and no NAT GLOBAL's available, you are pretty much hosed as far as I can see. I have poked at this variant a lot and cannot figure how to get around it.

If you have a GLOBAL pool of a few addresses, or if you can statically map from one real outside to your inside, you can certainly VPN through the PIX.

To VPN through, you will have to create conduits or access lists to permit IP/50, IP/51 and UDP/500 back into that host.

Give this a shot and see how well it works.