01-28-2005 01:11 PM - edited 02-21-2020 01:34 PM
Hello,
Can someone explain why and how this command is used in a real-world environment? I do not use it with my remote and site-to-site configurations, but I ran into a client that does. I have seen the PIX command description of "Enable IPSec packets to bypass the PIX Firewall unit's NAT and ASA features and allows incoming IPSec packets to terminate on the inside interface.", but I would like to know why you would do that and what benefits or issues there are to running the PIX like this. I terminate all of my IPSec connections to the outside and then control access to the inside with ACLs.
Thanks for the help!
01-28-2005 03:08 PM
pl-compatible is used in the old way of terminating VPNs. This helps terminate the VPN tunnel on the inside interface. So from a PIX perspective it does not care what the actual traffic is; it just sees IPSec traffic. This was used because there was no nat 0 and sysopt connection permit-ipsec was available in pre-5.0 releases.
Now with all the options available I do not see any reason to still use it.
02-02-2005 06:03 AM
Hey, thanks for the information!