Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
1
Replies

VPN client - PIX with NAT/PAT

jsteunou
Level 1
Level 1

‎10-09-2001 03:29 PM - edited ‎02-21-2020 11:26 AM

Hi

I have a PIX (6.1) and many users with VPN client 3.x. Some of them are behind various network equipment (Firewall, router ...) which perform dynamic NAT (PAT). Of course in this case the VPN doesn't work.

I found two potential solution :

-> IPSec over UDP. But I can't found how to configure this on my PIX and it's seem that this solution is only possible with a VPN concentrator. In this case I just want to ask why and if it will be avaible on a PIX one day (and when of course) =)

-> ESP-aware PAT device. If the device can use the ESP header to update his translation tables it would be perfect. But I did not find if a Checkpoint FW, a Raptor FW or even a PIX is an ESP-aware PAT device. Did somebody have any infos on these products ?

Thanks

Labels:
0 Helpful
1 Reply 1

wjulia
Level 1
Level 1

‎10-09-2001 05:37 PM

IPSec through PAT is only available on the 3000 series with UDP encapsulation.

I haven't heard any plans to implement this on the PIX - however, you can try through your Cisco Sales channel to get an feature enhancement request put through.

0 Helpful
Customers Also Viewed These Support Documents