Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN connectivity

hi,

we are using PIX 506 version 6.3 for our network. We have to do static NAT for the VPN connectivity with the client server. But when i try doing PAT i am not able to connect to the remote server.

Can anyone help me out why this is happening.

Is that i can do only static NAT for VPN and can't go with PAT connectivity.

Thanks,

Vishal D.

1 REPLY

Re: VPN connectivity

This is normal for PAT but you could use the fixup esp-ike but you are limited to one tunnel.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#wp1067379

fixup protocol esp-ike

The fixup protocol esp-ike command enables PAT for Encapsulating Security Payload (ESP), single tunnel.

The fixup protocol esp-ike command is disabled by default. If a fixup protocol esp-ike command is issued, the fixup is turned on, and the firewall preserves the source port of the Internet Key Exchange (IKE) and creates a PAT translation for ESP traffic. Additionally, if the esp-ike fixup is on, ISAKMP cannot be turned on any interface.

sincerely

Patrick

79
Views
0
Helpful
1
Replies