Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN pass-throught and Site-to-site VPN with pix

Hi, I would like to know if it is possible to let Cisco VPN client from the Inside to connect on outside vpn servers throught a pix while at the same time connecting this pix with another pix in a Site-To-Site VPN.

I know that ESP doesn't use ports numbers, so only one Tunnel works throught PAT at the same time. But if we configurea PAT address that is different than the PIX address on the outside, will we be able to do ESP Pass-throught and Site-To-Site VPN?

Cisco Employee

Re: VPN pass-throught and Site-to-site VPN with pix

Unfortunately not, even if you are using different IP addresses for the outside interface and the one used for NAT/PAT addresses.

An alternate: use a dedicated IP address, static transaltion for the inside PC and then you need not enable the "fixup esp-ike: command. This will allow you to terminate both site-site tunnel and use the VPN client connect from inside to outside server..