Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

w2k_client->NAT->vpn->pix Remote access questions

Re: VPN connections surviving NAT...

I intend to setup:

- PIX-506 at work (terminating VPN for remote clients)

- W2K Server at work (PDC... internal lan)

- W2K Pro at home, connected through NAT gateway (Dlink DI-704 or other) and cable modem to ISP

- Cisco VPN Client on W2K boxes at home...

1) What VPN protocols (ie PPTP, IPSEC, L2TP....) can survive NAT and are suitable in the above scenario?

2) Should I use W2K built-in IPSEC VPN or Cisco VPN Client Software on the remote client?

3) Should I terminate the VPN Clients on the PIX or pass-thru to the W2K server?

In advance, thank you (2 minutes of expert help will probably save me weeks of fuddling)!


Re: w2k_client->NAT->vpn->pix Remote access questions

Probably none of the above. NAT and particularly PAT won’t work with the IP protocols used (47, 50 or 51). The only form of VPN that works with NAT is PPTP (Not PAT) or IPSEC transparency mode (VPN Concentrator ONLY).