05-08-2003 01:37 PM - edited 02-20-2020 10:44 PM
I use VPN client 3.6.4 behind a Cisco 827 (PPPoE with NAT) to connect to a PIX 515 (also configured with NAT). I want to access a server behind the PIX.
Can I configure IP NAT traversal on the Cisco 827 (IOS 12.2.13T)?
Does it work?
vpn client 6.3.4<--->cisco827(NAT) <-----internet------> Pix515(NAT)<--->server
Thanks!
05-14-2003 11:02 AM
NAT-T can be used between VPN Clients and a concentrator, or between concentrators behind a NAT/PAT device. At this time, this feature is supported only between the Cisco VPN clients (Unity client) and a concentrator, or between concentrators.
05-14-2003 08:00 PM
Not quite right. NAT-T is supported on routers and PIXes now also.
However, you have the wrong idea of where to configure it. You configure NAT-T on the VPN termination point, in your case the PIX. The intermediate 837 doesn't need to know about anything, as the VPN client and the PIX will encapsulate their IPSec packets into UDP 4500 and the 837 will just NAT them like any other packet.
On the PIX, upgrade it to 6.3 code and use the command:
> isakmp nat-traversal
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1027312
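To confirm from a packet capture that the tunnel really is riding on UDP 4500, the payloads can be classified as below. This is an added example, not part of the original posts or Cisco code; it assumes the standardized RFC 3948 framing (non-ESP marker, ESP-in-UDP, one-byte keepalive), and the function names and sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

NAT_T_PORT = 4500                        # UDP port named in the reply above
IKE_HDR = struct.Struct("!8s8sBBBBII")   # ISAKMP header, 28 bytes (RFC 2408)

def classify(payload: bytes) -> dict:
    """Classify one UDP/4500 payload using RFC 3948 framing (assumed)."""
    if payload == b"\xff":
        # Single 0xFF octet: keepalive that holds the NAT mapping open.
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == b"\x00\x00\x00\x00":
        # Non-ESP marker (where an SPI would be): an IKE message follows.
        if len(payload) < 4 + IKE_HDR.size:
            return {"kind": "malformed"}
        _, _, _, ver, exch, _, _, length = IKE_HDR.unpack_from(payload, 4)
        return {"kind": "ike",
                "version": f"{ver >> 4}.{ver & 0xF}",
                "exchange": exch,
                "length_ok": length == len(payload) - 4}
    # Non-zero first word is an ESP SPI: UDP-encapsulated ESP data traffic.
    spi, seq = struct.unpack_from("!II", payload)
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}

def summarize(payloads) -> Counter:
    """Count payload kinds seen on the NAT-T port."""
    return Counter(classify(p)["kind"] for p in payloads)

# Constructed sample payloads (not taken from a real capture).
SAMPLE_IKE = bytes(4) + IKE_HDR.pack(b"\x11" * 8, b"\x22" * 8,
                                     5, 0x10, 2, 0x01, 0, IKE_HDR.size)
SAMPLE_ESP = struct.pack("!II", 0x1A2B3C4D, 7) + bytes(32)
SAMPLES = [b"\xff", SAMPLE_IKE, SAMPLE_ESP, SAMPLE_ESP, b"\x00\x00"]

if __name__ == "__main__":
    for kind, count in summarize(SAMPLES).items():
        print(f"udp/{NAT_T_PORT} {kind}: {count}")
```

Seeing only IKE on UDP 500 and no `esp-in-udp` payloads on 4500 behind a NAT device suggests NAT-T was not negotiated on the termination point.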
05-15-2003 06:26 AM
Hi,
Thanks for your reply.
I'll change my configuration and upgrade the PIX firewall.
05-15-2003 09:13 PM
Better check the following bug before configuring:
CSCea72383 - PIX crashes with isakmp nat-traversal command