I have to enable 4 users that are using a Cisco VPN dialer that need to pass through our PIX 515 firewall that is using NAT and connect to a remote site that we do not control. The VPN dialers work fine via dialup, so I know it is the PIX. Anyone?
You need to open UDP port 500 and IP protocol 50 (ESP), and you also need a static translation. Alternatively, you can enable fixup protocol esp-ike. This option is available only if you are running 6.3 on the PIX. You can also enable NAT-T on the headend device and open UDP port 4500 as well if the headend device supports NAT-T.
It would be static (inside, outside)... However, it's not the only option. As previously advised, you can also enable fixup protocol esp-ike on your PIX as long as you are running 6.3.X, or enable NAT-T on the remote device if supported.