Need to know how to use cisco vpn client behind a pix 515 using NAT

hpop · Jan 5, 2004

I have to enable 4 users that are using a cisco vpn dialer that need to pass through our pix 515 firewall that is using NAT and connect to a remote site that we do not control. The vpn dialers work fine via dialup so I know it is the pix. Anyone ???

themut · Jan 6, 2004

You need to ope UDP port 500 and IP protocol 50 (ESP) and you also need a static translation. Alternatively you can enable fixup protocol esp-ike This option is available only if you are running 6.3 on the PIX. You can also enable NAT-T on the headend device and open UDP port 4500 as well if the headend device supports NAT-T.

hpop · Jan 6, 2004

So i would have to map my public ip to a private,

would it be a static(outside,inside)

themut · Jan 6, 2004

It would be static (inside, outside)... However it's not the only option as previously advised you can also enable fixup protocol esp-ike on your PIX as long as you are running 6.3.X or enable NAT-T on the remote device if supported.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Need to know how to use cisco vpn client behind a pix 515 using NAT

hpop

IS-IT--Management

themut

Technical User

hpop

IS-IT--Management

themut

Technical User

Similar threads

Part and Inventory Search

Sponsor