VPN Client connection from behind a PIX

brent.smith
Level 1

With PIX 6.3, what is the config to set up a client that is on a private network, and behind a PIX, to pass through this PIX and make a VPN connection on a remote PIX?

2 Replies

gfullage
Cisco Employee

The 6.3 command for this is as follows:

> fixup protocol esp-ike

Keep in mind this only allows one internal IPsec client to establish a connection through the PIX. Also, if this PIX is terminating VPN tunnels from other devices, then you can't use this command because it'll kill all those. No workaround for this at this time.

rjwalani
Cisco Employee

Hi,

If your setup is

vpnclient----PIX1-----Internet-------PIX with vpn

On PIX1 you'll have to open up UDP port 4500 (NAT-T) along with ESP 50 and UDP 500. The PIX with vpn has to have 6.3.x and the command

isakmp nat-traversal

enabled.

Make sure that the vpnclient is ver 3.6.x and above and that Transparent Tunneling using UDP is checked.

Thanks

Ranjana
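
The points from the two replies above, as an added example that is not part of either reply or any Cisco tooling: a small Python check over PIX 6.3 configuration text that flags `fixup protocol esp-ike` on a PIX that also terminates tunnels, a missing UDP 4500 permit on the client-side PIX, and a missing `isakmp nat-traversal` on the remote PIX. The function names and sample configs are constructed for illustration, and treating `isakmp enable` or a `crypto map ... interface` line as "this PIX terminates VPN tunnels" is an assumption.

```python
import re

# Constructed sample configs (not from the thread).
PIX1_CONFIG = """\
fixup protocol esp-ike
isakmp enable outside
crypto map vpnmap interface outside
access-list inside_out permit udp any any eq 500
access-list inside_out permit esp any any
"""

REMOTE_PIX_CONFIG = """\
isakmp enable outside
isakmp nat-traversal 20
crypto map vpnmap interface outside
"""

def _has(config, pattern):
    """True if a config line starts with the pattern ('no ...' lines do not match)."""
    return any(re.match(pattern, line.strip()) for line in config.splitlines())

def check_client_side_pix(config):
    """Findings for the PIX the VPN client sits behind (PIX1 in the thread)."""
    findings = []
    esp_ike = _has(config, r"fixup protocol esp-ike\b")
    # Assumption: either command means this PIX terminates tunnels itself.
    terminates = (_has(config, r"isakmp enable\s+\S+")
                  or _has(config, r"crypto map \S+ interface\s+\S+"))
    if esp_ike and terminates:
        findings.append("esp-ike fixup conflicts with VPN termination on this PIX")
    if esp_ike:
        findings.append("esp-ike fixup: only one internal IPsec client at a time")
    # Simplification: if any access-list exists, expect one entry permitting UDP 4500.
    acls = [l for l in config.splitlines() if l.strip().startswith("access-list ")]
    if acls and not any(re.search(r"permit udp .*\beq 4500\b", l) for l in acls):
        findings.append("no access-list entry permits udp 4500 (NAT-T)")
    return findings

def check_remote_pix(config):
    """Findings for the PIX that terminates the client's VPN connection."""
    if _has(config, r"isakmp nat-traversal\b"):
        return []
    return ["isakmp nat-traversal is not enabled"]

if __name__ == "__main__":
    for finding in check_client_side_pix(PIX1_CONFIG) + check_remote_pix(REMOTE_PIX_CONFIG):
        print(finding)
```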