Cisco Support Community
New Member

Cisco VPN Client 3.6 to Cisco 2600 with Crypto Card

We are having trouble with some of our remote users connecting to a Cisco 2611, with a crypto card, using Cisco's VPN client software version 3.6. The remote users are connected to the network at the remote customer's location and utilizing their Internet connection. A PIX firewall is in use at this particular location. The remote users are unable to bring up a VPN tunnel. I was thinking that enabling transparent tunneling over TCP port 10000 would solve the problem, but I can't find any info on how to enable IPsec on the 2611 to use port 10000. I know you can on the 3000 concentrator. Does anyone know if this is possible on the Cisco 2611? Thanks in advance.

Jerry

4 REPLIES
Cisco Employee

Re: Cisco VPN Client 3.6 to Cisco 2600 with Crypto Card

Hi Jerry,

Unfortunately, we cannot have remote clients coming in from behind PAT connect to the IOS or PIX at this time; the TCP/UDP tunneling options are only available on the CVPN3000 at this time. So in this case you will need to define static NAT translations for these clients to be able to connect to the 2611 router.

Hope this helps,

Regards,

Aamir

-=-=-

New Member

Re: Cisco VPN Client 3.6 to Cisco 2600 with Crypto Card

So is TCP/UDP tunneling on the IOS or PIX roadmap at this time?

Cisco Employee

Re: Cisco VPN Client 3.6 to Cisco 2600 with Crypto Card

Not sure if it's on the roadmap specifically. In 6.3 PIX code, due out next year, it will have support for doing PAT with one IPSec tunnel and PAT for PPTP. IOS already supports PAT for IPSec and PPTP and so you wouldn't have this problem with an IOS router.

Cisco Employee

Re: Cisco VPN Client 3.6 to Cisco 2600 with Crypto Card

Actually, I just realised that didn't really answer your question, did it? I was referring to the fact that you wouldn't have to use UDP/TCP encapsulation if your clients were behind an IOS router, but didn't answer your question specifically.

The answer is I don't believe UDP/TCP encapsulation is on the roadmap for the PIX, although I know it has been discussed. It certainly won't be in 6.3 code, but may be in future releases.

In IOS I'm not sure, I haven't heard anything about this functionality in it though.
