I have a VPN Set up from a PIX behind a NAT device running 6.3.1 to a VPN Concentrator. The lan to lan VPN works fine (connecting as base group to the concentrator).
Now, I would like to do two things. First, I would like to terminate client sessions to the PIX. I have passed UDP 500 and 4500 through the NAT device provided by my ISP (Broadmax DSL Modem/Router), but cannot get the VPN Client to connect. I do have "isakmp nat-traversal" turned on.
I would also like to do a true lan to lan with shared key, but am not sure I can originate from the VPN 3000 side if the PIX side is behind a NAT device.
Will either of these scenarios work?? If so, what do I need to do to get them to work??
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...