08-30-2005 01:12 AM
Hi,
We are trying to use the Cisco VPN client version 4.6.04.0043 behind a NATed Cisco router. The client states that it is connected, but traffic will not pass over the tunnel. I have read on some of the Cisco articles that using a Cisco VPN in a NATed environment cannot be done. Can someone confirm this for me please?
08-30-2005 01:32 AM
Hi,
Cisco VPN client can work in NATed environments if you enable NAT-T at the VPN gateway.
What is the VPN gateway that is used at the client end?
Regards,
Shijo George.
08-30-2005 01:42 AM
Hi, thanks for your reply.
The client goes out via a Cisco 837 router. It is worth noting that the router also performs site to site VPN tunneling.
08-30-2005 01:55 AM
Not sure if I made it clear... NAT-T has to be enabled on the remote VPN device to which you are connecting using the VPN client.
08-30-2005 02:07 AM
the remote device is a PIX that I do not have access to. I will certainly ask. Is there anything else I can do this end? I have fould this on Cisco's site, but it did not work:
I have tried to use a dial up modem from the same machine and the Client works fine. Any suggestions would be greatly appreciated. I will call the end point now (VPN end point).
08-30-2005 02:41 AM
Hi,
The document mentions about enabling NAT-T at the client end. But this has to be enabled at the VPN gateway (PIX in your case) also for this feature to work.
If the client end PIX is running code later that 6.3 the following command will enable NAT-T
isakmp nat-traversal
HTH
Regards,
Shijo George.
08-30-2005 02:52 AM
Hi,
Many thanks for your reply. I have left a message for the person at the PIX site to call me. I will post a reply when I have more info.
Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide