07-14-2006 03:48 PM - edited 02-21-2020 02:31 PM
Hello. I need help with IPsec VPN passthrough configuration on a Cisco PIX 535, version 7.1.1.
Here is the structure:
Nortel vpn client -- PIX ------internet--------Checkpoint--Nortel VPN box
The Nortel VPN client software, which is behind the Cisco PIX, wants to create a client-to-site VPN tunnel with the Nortel VPN box, which is behind the Checkpoint firewall. The Checkpoint already has an IPsec VPN passthrough configuration, because it is possible to create a VPN tunnel with the Nortel VPN box using the Nortel VPN client software over a dial-up internet connection.
But the Nortel VPN client which is behind the Cisco PIX cannot create the VPN tunnel with the Nortel VPN box. The Cisco PIX is making the internet connection with PAT and it is using one public IP address. To establish the Nortel client-to-site IPsec VPN tunnel, which ports have to be opened, in which way, and on which physical ports (inside? / outside?) on the PIX?
07-15-2006 04:18 AM
sysopt connection permit-ipsec
07-15-2006 11:36 AM
This command has already been applied. Also, this command is not the solution.
07-15-2006 01:59 PM
isakmp nat-traversal
07-15-2006 11:11 PM
The VPN endpoint and the VPN client must support nat-traversal, not the passthrough device. By the way, this command has already been applied on the PIX also. Another idea?
07-16-2006 11:30 AM
Have you checked the logs on the PIX to make sure it is actually making the translation?
07-16-2006 11:25 PM
How can I check this?
07-18-2006 10:56 PM
Please check the logs in the Nortel VPN client.