New Member

VPN Pass through

Hello,

I have a Cisco VPN client (4.0.2) that needs to terminate a VPN connection on a PIX 501 (6.3). The VPN client is sitting behind a PIX 525 (6.2) using PAT. I have the following entries. What am I doing wrong on the PIX 535?

static (inside,outside) XX.XX.194.155 10.0.254.22 netmask 255.255.255.255

nat (inside) 0 10.0.254.22 255.255.255.255

access-list INbound

access-list inbound permit esp host xx.xx.0.216 host xx.xx.194.155

access-list inbound permit udp host xx.xx.0.216 host xx.xx.194.155 eq isakmp

Access-list outbound

access-list outbnd permit udp host 10.0.254.22 host xx.xx.0.216 eq isakmp

access-list outbnd permit esp host 10.0.254.22 host xx.xx.0.216

I'm gonna rip my hair out soon! Please help

1 REPLY
Anonymous
N/A

Re: VPN Pass through

Network Address Translation (NAT), including Port Address Translation (PAT), is used in many networks where IPSec is also used, but there are a number of incompatibilities that prevent IPSec packets from successfully traversing NAT devices. NAT traversal enables ESP packets to pass through one or more NAT devices.

To enable NAT traversal, check that ISAKMP is enabled (you can enable it with the isakmp enable if_name command) and then use the isakmp nat-traversal [natkeepalive] command.
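
Added example, not part of either post and not Cisco's own tooling: NAT traversal (RFC 3947/3948) carries IKE and ESP inside UDP port 4500, so a firewall in the path has to pass UDP 4500 as well as UDP 500. This Python sketch reads PIX-style `access-list` permit entries and reports the lists that allow IKE but not the NAT-T port; the function names are hypothetical and the parser assumes a trailing `eq <port>` is the destination port.

```python
import re

# Constructed sample: the permit entries from the question above,
# with addresses masked exactly as posted.
SAMPLE_CONFIG = """\
access-list inbound permit esp host xx.xx.0.216 host xx.xx.194.155
access-list inbound permit udp host xx.xx.0.216 host xx.xx.194.155 eq isakmp
access-list outbnd permit udp host 10.0.254.22 host xx.xx.0.216 eq isakmp
access-list outbnd permit esp host 10.0.254.22 host xx.xx.0.216
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(\S+)\s+(.*)$", re.I)
DST_PORT = re.compile(r"\beq\s+(\S+)\s*$", re.I)
ANY_OPERATOR = re.compile(r"\b(eq|neq|lt|gt|range)\b", re.I)
PORT_NAMES = {"isakmp": 500}
EVERYTHING = {"esp", "udp/500", "udp/4500"}

def summarize(config):
    """Map each ACL name to the IPsec-relevant traffic its permit entries allow."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m:
            continue  # headings, deny entries, unrelated commands
        name, proto, rest = m.group(1).lower(), m.group(2).lower(), m.group(3)
        allowed = acls.setdefault(name, set())
        if proto == "ip":
            allowed |= EVERYTHING
        elif proto in ("esp", "50"):
            allowed.add("esp")
        elif proto in ("udp", "17"):
            eq = DST_PORT.search(rest)
            if eq:
                tok = eq.group(1).lower()
                port = PORT_NAMES.get(tok, int(tok) if tok.isdigit() else None)
                if port in (500, 4500):
                    allowed.add(f"udp/{port}")
            elif not ANY_OPERATOR.search(rest):
                allowed |= {"udp/500", "udp/4500"}  # no port qualifier at all
    return acls

def natt_gaps(config):
    """Names of ACLs that permit IKE (UDP 500) but not NAT-T (UDP 4500)."""
    return sorted(name for name, allowed in summarize(config).items()
                  if "udp/500" in allowed and "udp/4500" not in allowed)

if __name__ == "__main__":
    for name in natt_gaps(SAMPLE_CONFIG):
        print(f"{name}: permits UDP 500 but not UDP 4500")
```

Entries using `lt`, `gt`, `neq` or `range` are ignored rather than evaluated, so a list that opens UDP 4500 through a port range will still be reported.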
