Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

establishing a VPN connection through a NAT

here's a basic network diagram:

*internet* ---- [cisco 831] ---- [pix 501] ---- *internal network*

i want the ablity to connect to my network when i'm away from home.  i configured the pix and tested it; i can establish a secure tunnel.

unfortunately, i don't know how to forward all ipsec traffic from the internet, through the 831, and to the pix.

can someone help out with the port forwarding commands and the inbound access list, if i need one of those too?


Re: establishing a VPN connection through a NAT

You need a static IP address on the Router or PIX.

The you need to forward the relevant Protocols & TCP/UDP "Thru" the router to the PIX.

Protocol 50

UDP 500

UDP 4500

Enable NAT-T on the PIX to allow UDP/TCP encapsulation of IPSEC traffic, this will enable you to use networks that do not allow IPSEC traffic accrosd them.


New Member

Re: establishing a VPN connection through a NAT

In addition to what Andrew posted, I believe you will also need to allow IP protocol 51 (Authentication Header) through your 831.

CreatePlease login to create content