Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN Client with PAT to Cisco PIX

Dear All,

I have a PIX 515 at main site with IPSec enabled. Home User using VPN client 3.x is connecting to the PIX for VPN access. When the Home user is using real IP, I can ping to the main site's LAN. However, when Home user is using a router with PAT, the VPN cannot be established.

Is there any setting I should set on PIX, VPN client or router?

Thanks.

Doug

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: VPN Client with PAT to Cisco PIX

And if you are still having problems upgrade your pix to 6.3 and use:

isakmp nat-traversal

But the first thing would be to check the IPSEC passthru as Ade suggested. If the device is a linksys check the firmware version as well.

Regards,

2 REPLIES
New Member

Re: VPN Client with PAT to Cisco PIX

Doug,

Check the following:

1. Make sure the home users router is set for IPSEC passthru

2. Make sure the home users router is enabled to allow WAN request. (If linksys - Check the filtering options)

3. On the PIX, your crypto transform-set should be configured to use only ESP transforms. Do not use AH. AH does not work in with NAT or PAT. Examples of transform sets you can use are - ESP-DES, ESP-SHA-HMAC, ESP-3DES, ESP-MD5-HMAC.

Hope this helps.

Ade

New Member

Re: VPN Client with PAT to Cisco PIX

And if you are still having problems upgrade your pix to 6.3 and use:

isakmp nat-traversal

But the first thing would be to check the IPSEC passthru as Ade suggested. If the device is a linksys check the firmware version as well.

Regards,

284
Views
0
Helpful
2
Replies
CreatePlease to create content