PIX PAT - VPN Client

john
Level 1

Hello

Cisco PIX Firewall Version 6.3(1) supports "fixup protocol esp-ike", which enables PAT for Encapsulating Security Payload (ESP), single tunnel.

Cisco VPN Client - Version 4.0.1 supports: IPSec over UDP for NAT and PAT - or - IPSec over TCP for NAT and PAT

Using these versions of software, it seems I'm able to establish a tunnel with a remote PIX 515E VPN server running FOS V 6.3. Running "show crypto isakmp sa" and "show crypto ipsec sa" on the remote VPN server shows the sa(s) are being created. The VPN Client Tunnel Details panel is showing a tunnel being created and a client address being assigned on the remote VPN server.

Traffic sent through the VPN tunnel is received by the remote VPN server only when "fixup protocol esp-ike" is active. Unfortunately, traffic is not being returned.

Is my remote VPN server configuration defective or is using Cisco VPN Client software with PIX PAT impossible?

...John

1 Reply

jins
Level 1

Hi John,

Try the "isakmp nat-traversal [natkeepalive]" command. This will turn on or off NAT traversal. (NAT traversal is off by default.) This command was first introduced in FOS 6.3.

Hope this helps

Thanks

Jins
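
When troubleshooting the case in this thread, a capture taken on the outside of the PAT device shows whether the client is sending native ESP or NAT-traversal traffic. The following added example (not part of the original posts) classifies raw IPv4 packets accordingly. It assumes standard NAT traversal on UDP 4500 per RFC 3947/3948, which the thread does not state, and all packets in it are constructed samples.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500   # assumed: standard IKE and NAT-T ports (RFC 3947/3948)
PROTO_UDP, PROTO_ESP = 17, 50     # IP protocol numbers

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet captured on the outside of the PAT device."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_ESP:
        # ESP has no port fields, so PAT cannot multiplex it without a fixup.
        return "native-esp"
    if proto != PROTO_UDP or len(payload) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", payload[:4])
    data = payload[8:]
    if NATT_PORT in (sport, dport):
        if data == b"\xff":
            return "natt-keepalive"          # one 0xFF byte keeps the PAT entry alive
        if data[:4] == b"\x00" * 4:
            return "ike-over-natt"           # non-ESP marker precedes the IKE header
        return "udp-encapsulated-esp"        # nonzero SPI follows the UDP header
    if IKE_PORT in (sport, dport):
        return "ike"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet for the constructed samples (checksum left at zero)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])  # documentation ranges
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, src, dst) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed samples, not captured traffic; SPI and payload bytes are made up.
ESP_BODY = struct.pack("!II", 0x1000ABCD, 1) + b"\x00" * 16
SAMPLES = {
    "esp": ipv4(PROTO_ESP, ESP_BODY),
    "ike": ipv4(PROTO_UDP, udp(500, 500, b"\x11" * 28)),
    "natt-ike": ipv4(PROTO_UDP, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "natt-esp": ipv4(PROTO_UDP, udp(1024, 4500, ESP_BODY)),
    "keepalive": ipv4(PROTO_UDP, udp(1024, 4500, b"\xff")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} -> {classify(pkt)}")
```

If the capture shows only "native-esp" after IKE completes, the tunnel depends on the PAT device's ESP handling; "udp-encapsulated-esp" indicates NAT traversal was negotiated.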