Cisco Support Community
New Member

Cisco PIX IPSec VPN passthrough

Hello. I need help with IPsec VPN passthrough configuration on a Cisco PIX 535, version 7.1.1.

Here is the structure:

Nortel vpn client -- PIX ------internet--------Checkpoint--Nortel VPN box

The Nortel VPN client software, which is behind the Cisco PIX, wants to create a client-to-site VPN tunnel with the Nortel VPN box, which is behind the Checkpoint firewall. The Checkpoint already has an IPsec VPN passthrough configuration, because it is possible to create a VPN tunnel with the Nortel VPN box using the Nortel VPN client software over a dial-up internet connection.

But the Nortel VPN client behind the Cisco PIX cannot create the VPN tunnel with the Nortel VPN box. The Cisco PIX makes the internet connection with PAT and is using one public IP address. To establish the Nortel client-to-site IPsec VPN tunnel, which ports have to be opened, in which way, and on which physical ports (inside? outside?) of the PIX?

7 REPLIES
New Member

Re: Cisco PIX IPSec VPN passthrough

sysopt connection permit-ipsec

New Member

Re: Cisco PIX IPSec VPN passthrough

This command has already been applied. Also, this command is not the solution.

New Member

Re: Cisco PIX IPSec VPN passthrough

isakmp nat-traversal

New Member

Re: Cisco PIX IPSec VPN passthrough

The VPN endpoint and the VPN client must support nat-traversal, not the passthrough device. By the way, this command has already been applied on the PIX as well. Another idea?

New Member

Re: Cisco PIX IPSec VPN passthrough

Have you checked the logs on the PIX to make sure it is actually making the translation?

New Member

Re: Cisco PIX IPSec VPN passthrough

How can I check this?

New Member

Re: Cisco PIX IPSec VPN passthrough

Please check the logs in the Nortel VPN client.
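
For the earlier reply about checking the PIX logs for the translation, here is an added example (not from the thread or from Cisco) that scans syslog text for one inside client and reports whether PAT translations for IKE (UDP/500) and NAT-T (UDP/4500) were built and whether ESP (IP protocol 50) failed to translate. The log lines and addresses are constructed, and the 305011/305006 message layouts and informational-level logging are assumptions about what the PIX emits.

```python
import re

# Constructed sample lines; the 305011/305006 layouts are an assumption about
# PIX 7.x syslog output. Addresses come from documentation ranges.
SAMPLE_LOG = """\
%PIX-6-305011: Built dynamic UDP translation from inside:10.1.1.20/500 to outside:203.0.113.2/1025
%PIX-6-302015: Built outbound UDP connection 4101 for outside:198.51.100.7/500 (198.51.100.7/500) to inside:10.1.1.20/500 (203.0.113.2/1025)
%PIX-3-305006: regular translation creation failed for protocol 50 src inside:10.1.1.20 dst outside:198.51.100.7
%PIX-6-305011: Built dynamic TCP translation from inside:10.1.1.31/3342 to outside:203.0.113.2/1026
"""

BUILT = re.compile(r"305011: Built dynamic (TCP|UDP) translation from "
                   r"[^:\s]+:([\d.]+)/(\d+) to [^:\s]+:([\d.]+)/(\d+)")
FAILED = re.compile(r"305006: \w+ translation creation failed for protocol (\d+) "
                    r"src [^:\s]+:([\d.]+)\S* dst [^:\s]+:([\d.]+)")

def summarize(log_text, client_ip):
    """Collect IPsec-related translation events for one inside client."""
    result = {"ike_udp500": None, "natt_udp4500": None, "esp_failed_to": []}
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m and m.group(1) == "UDP" and m.group(2) == client_ip:
            mapped = f"{m.group(4)}/{m.group(5)}"   # PAT address/port on the outside
            if m.group(3) == "500":
                result["ike_udp500"] = mapped
            elif m.group(3) == "4500":
                result["natt_udp4500"] = mapped
        m = FAILED.search(line)
        if m and m.group(1) == "50" and m.group(2) == client_ip:
            result["esp_failed_to"].append(m.group(3))
    return result

def diagnose(s):
    """Turn the summary into a one-line troubleshooting hint."""
    if s["ike_udp500"] is None:
        return "no IKE translation logged: check client routing and logging level"
    if s["natt_udp4500"]:
        return "NAT-T negotiated: tunnel traffic rides UDP/4500 through PAT"
    if s["esp_failed_to"]:
        return "IKE translated, ESP blocked: protocol 50 has no ports for PAT to rewrite"
    return "IKE translated, no ESP failure logged"

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE_LOG, "10.1.1.20")))
```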
