Solved: Re: PIX and NAT-T

mburutzis · ‎04-21-2004

Hi all,

I have a quick question. I have a couple of users that are using routers to connect by VPN to our pix which authenticates by a RADIUS for the L2TP connections. I activated NAT-T on our PIX and they still can't connect. Is there anything I could have missed. I checked most of the posts in this forum and didn't see anything else I should have activated.

Can anyone help?

Thanks in advance.

Michael

drolemc · ‎04-27-2004

A Lan-to-Lan tunnel from a router to a PIX does not require NAT-T unless there are NAT devices between the two endpoints. If that is the case, you need to ensure that both the software on both of the tuneel end points devices support this capability. A configuration example of a Router to PIX IPSec tunnel is available at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

Another example that deals with the same setup with NAT is available at

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml

View solution in original post

drolemc · ‎04-27-2004

A Lan-to-Lan tunnel from a router to a PIX does not require NAT-T unless there are NAT devices between the two endpoints. If that is the case, you need to ensure that both the software on both of the tuneel end points devices support this capability. A configuration example of a Router to PIX IPSec tunnel is available at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

Another example that deals with the same setup with NAT is available at

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml