Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN Client connection from behind a PIX

With PIX 6.3, what is the config to setup a client that is on a private network, and behind a PIX, to pass through this PIX and make a VPN connection on a remote PIX?

2 REPLIES
Cisco Employee

Re: VPN Client connection from behind a PIX

The 6.3 command for this is as follows:

> fixup protocol esp-ike

Keep in mind this only allows one internal IPsec client to estabish a connection through the PIX. Also, if this PIX is terminating VPN tunnels from other devices, then you can't use this command cause it'll kill all those. No workaround for this at this time.

Cisco Employee

Re: VPN Client connection from behind a PIX

Hi,

If your setup is

vpnclient----PIX1-----Internet-------PIX with vpn

On PIX1 you'll have to open up the udp port 4500 (NAT-T) along with ESP 50 and UDP 500 .The PIX with vpn has to have 6.3.x and the command

isakmp nat-traversal

enabled.

Make sure that the vpnclient is ver 3.6.x and above and the Transparent tunnelling using udp is checked

Thanks

Ranjana

96
Views
0
Helpful
2
Replies
CreatePlease to create content