Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ipsec over udp - simple question - pix

I have trawled through much documentation but cannot find a definitive answer to a basic question so I hope that one of you 'out there' can. Does (and if so which sw release) a pix support ipsec over udp (as per Cisco vpn client)? The pix being the tunnel endpoint.

The background is that I am trying to get a vpnclient behind a MS ISA server to establish a tunnel to a remote pix and failing. MS point to the article about the Cisco Concentrator 3300, with the latest firmware updates. My testing seems to indicate that the PIX in question does support it, since in one configuration not involving ISA but with client access through another PIX involving NAT seems to work just fine.

Many thanks any help you can provide.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: ipsec over udp - simple question - pix

PIX Firewall Version 6.3 provides a feature called "Nat Traversal,that is UDP Encapsulation of IPsec Packets.

Use the following command to enable NAT-T

isakmp nat-traversal [natkeepalive]

default natkeepalives is 20 sec. 10-3600 is the range

NAT traversal (NAT-T) supports both static and dynamic crypto maps.

Cihan

2 REPLIES
New Member

Re: ipsec over udp - simple question - pix

Currently PIX does not support IPSec over UDP.

New Member

Re: ipsec over udp - simple question - pix

PIX Firewall Version 6.3 provides a feature called "Nat Traversal,that is UDP Encapsulation of IPsec Packets.

Use the following command to enable NAT-T

isakmp nat-traversal [natkeepalive]

default natkeepalives is 20 sec. 10-3600 is the range

NAT traversal (NAT-T) supports both static and dynamic crypto maps.

Cihan

173
Views
0
Helpful
2
Replies
CreatePlease login to create content