04-18-2002 02:09 PM - edited 02-21-2020 11:41 AM
Hi, already configure my pix for vpn and its working but only when I connect trough a ISP that assign IP public addressing (Im using VPN Client 3.0 for clients and terminating the VPN in a PIX ) if I use a ISP that assign private addressing the VPN its not established unless I assign a Static Translation to the Client (in the case of ISP support Static translations) this its not possible in most of cases for remote users that are traveling, My question is if its possible to establish a IPSec Tunnel over IP private addressing without using statics to establish the VPN or if its possible to use other method available supported by Cisco VPN Client 3.0 that works with NAT or PAT, the idea of use VPN Client it because it the only application that run on MAC OS X and my customer require this support.
04-20-2002 08:29 PM
Unfortunately the current PIX code doesn't support the IPSec thru NAT functionality. It is already available on the client and currently supported on the
VPN 3000 concentrators but not as yet on the PIX code.
04-24-2002 08:11 AM
And what about udp encapsulation support on 6.2(1) release ?
Thanks
Renato
05-06-2002 10:59 AM
Hi,
what is the actual command syntax for UDP encapsulation in PIX 6.2(1). I am desparately looking for a solution to VPN tunnel through NAT/PAT to PIX.
regards,
maha
05-06-2002 02:38 PM
Hi Roberto
I try my inside network with PIX PAT to connect with Cisco Concentrator 3005 in same location, I can make vpn connection, phase II is fine, but I cannot make any network connection, like no NAT or PAT. What do you think my problem?
Thanks
ben
ATMEL
05-27-2002 04:30 AM
You have to use a nat 0 command for all data destined for the remote VPN tunnel otherwise your packets will get natted and not work.
I assume you are trying to vpn between your pix and your concentrator.
Check Cisco Security tips for examples of this.
If it is a client related problem,
ensure that the concentrator has UDP 10000 checked and your client properties is also checked for transparent NAT.
I also found that in some cases, TCP encapsulation available with later versions of the client didn't work as well as UDP encapsulation through PAT devices.
Finally ensure you are running the latest versions of the VPN software which is 3.5.3 for the concentrators and 3.5.2 for the client.
Hope this helps
Inti Shah
Boxing Orange
05-30-2002 06:20 AM
Hi guys,
hope i'm not too late for this topic, I'm having the same issue here.
VPN client 3.5.1 outside and tunnel to PIX 506, right now the client is using a global address, but if i put it inside our network behind a firewall with NAT and with an static private address, i can't create the tunnel at all. beside static mapping on the firewall, what other options do i have. are there any configuration that i could get around this issue?
any suggestion would be appreciate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide