Cisco Support Community
New Member

VPN pass-through problem

If I use the Cisco VPN client to connect to a PIX firewall - it works.

If I use the Cisco VPN client to connect to the same PIX firewall through a PIX firewall - it works. (static NAT & IPSec over UDP)

If I use the Cisco VPN client to connect to a Cisco router - it works.

But if I use the Cisco VPN client to connect to the same Cisco router through a PIX firewall - it does not work. (static NAT & IPSec over UDP)

Does anyone have any ideas on how to fix this?

Cheers,

1 REPLY
New Member

Re: VPN pass-through problem

Using IPsec over TCP/UDP isn't a feature of the PIX or routers as of this date. You can only connect to a 3000 concentrator with IPsec over TCP/UDP. Checking the box for this option on the client does nothing, as it's the remote device that has to agree on it. If you are connecting to a concentrator and don't have that option checked on the concentrator but you have it configured on the client, it still doesn't work. It has to be configured on both the client and concentrator. If you are going to connect to a router or PIX, you will have to have a static NAT translation or a public (routable for the end device) IP. In 12.2.5T there is a feature for ESP translation on the routers, where if the client is behind a router doing port address translation, you can map one single IP address to the protocol ESP, allowing one VPN connection. I'm not even gonna guess why you can't connect, with no configs or debugs, because there are too many variables. Usually you can connect behind a PAT device to the router or PIX, but just can't pass traffic. So it could be something like your configuration on the PIX, router or client.

Kurtis Durrett
