
506 NAT IPSec

lchristie
Level 1

I was wondering if it was possible to have an IPSec tunnel originate within a local area network that sits behind a 506 with NAT'ing enabled (using WatchGuard IPSec client to make connection). I have tried to use the following command to get this to work to no avail.

sysopt connection permit-ipsec command

The IPSec client that resides behind the firewall requires authentication header and I assume that is where my problem lies. Much thanks in advance.

1 Reply

vijkrish
Cisco Employee

AH and NAT by definition cause trouble. You should try changing transform proposal to ESP (eliminate AH).

Vijay
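
The AH/NAT conflict described in the reply, as an added example that is not part of the original thread: AH's integrity check covers the outer IP source address, so a NAT rewrite invalidates it, while ESP authenticates only what follows the IP header. The packet layout is simplified, and the key, SPI, addresses and the truncated HMAC-SHA-256 tag are constructed for illustration.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed sample key, not from the thread
ICV_LEN = 16                    # truncated HMAC-SHA-256 tag length used here

def ipv4_header(src, dst, proto, body_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left at zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    """AH zeroes fields routers may change (TOS, flags/offset, TTL, checksum)."""
    h = bytearray(hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def icv(mode, hdr, body):
    """AH authenticates the outer IP header plus body; ESP only the body."""
    covered = (zero_mutable(hdr) if mode == "ah" else b"") + body
    return hmac.new(KEY, covered, hashlib.sha256).digest()[:ICV_LEN]

def build(mode, src, dst, payload):
    """Simplified packet: IP header | SPI | sequence | payload | ICV."""
    body = struct.pack("!II", 0x1001, 1) + payload
    hdr = ipv4_header(src, dst, 51 if mode == "ah" else 50, len(body) + ICV_LEN)
    return hdr + body + icv(mode, hdr, body)

def verify(mode, packet):
    """Receiver recomputes the ICV from the bytes that actually arrived."""
    hdr, body, tag = packet[:20], packet[20:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(tag, icv(mode, hdr, body))

def nat(packet, public_ip):
    """Source NAT: rewrite the source address (bytes 12-15), decrement TTL."""
    p = bytearray(packet)
    p[12:16] = socket.inet_aton(public_ip)
    p[8] -= 1
    return bytes(p)

if __name__ == "__main__":
    for mode in ("ah", "esp"):
        pkt = build(mode, "192.168.1.10", "203.0.113.5", b"constructed payload")
        print(mode, "direct:", verify(mode, pkt),
              "after NAT:", verify(mode, nat(pkt, "198.51.100.7")))
```

The model covers integrity checking only. ESP carries no port fields, so a port-translating NAT still needs NAT-T (UDP encapsulation) or a one-to-one address translation for the tunnel to pass.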