02-01-2007 05:07 PM
PIX 6.3 had a fixup of esp-ike that worked with PAT. It appears that this is gone as of 7.0 code. It only appears to work with NAT?
Am I correct?
02-03-2007 06:33 PM
Version 7.0 will work with PAT. The fixup is gone, however.
Enhanced VPN NAT Transparency:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/70_rn/pix_70rn.htm#wp162358
The fixup protocol esp-ike command is not supported in PIX Security appliance Version 7.0. This feature is suited for the PIX 501 and 506/506E platforms, which PIX Security appliance Version 7.0 does not currently support. The workaround requires that the client and head-end be NAT-T capable.
All you have to do is enable NAT-T on both ends of the tunnel.
Please rate if this helps!
02-05-2007 12:08 PM
Thx, the issue is that we are going to the ASA5504 for home use and one user must access Contivity through the home ASA. W/O IKE/ESP fixup, this is no longer possible.
Bill