Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

asa esp policy

Pix 6.3 had a fixup of esp-ike that worked with pat. It appears that this is gone as of 7.0 code. It only appears to work with nat?

Am I correct.

2 REPLIES
New Member

Re: asa esp policy

Version 7.0 will work with PAT. The fixup is gone, however.

Enhanced VPN NAT Transparency:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/70_rn/pix_70rn.htm#wp162358

The fixup protocol esp-ike command is not supported in PIX Security appliance Version 7.0. This feature is suited for the PIX 501 and 506/506E platforms, which PIX Security appliance Version 7.0 does not currently support. The workaround requires that the client and head-end be NAT-T capable.

All you have to do is enable nat-t on both ends of the tunnel.

Please rate if this helps!

New Member

Re: asa esp policy

Thx, the issue is that we are going to the ASA5504 for home use and one user must access contivity through the home ASA. W/O ike/esp fixup, this is no longer possible.

Bill

112
Views
0
Helpful
2
Replies
CreatePlease login to create content