cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
681
Views
0
Helpful
6
Replies

VPN Client 3.0 trough NAT

roberto-rios
Level 1
Level 1

Hi, already configure my pix for vpn and it’s working but only when I connect trough a ISP that assign IP public addressing (Im using VPN Client 3.0 for clients and terminating the VPN in a PIX ) if I use a ISP that assign private addressing the VPN its not established unless I assign a Static Translation to the Client (in the case of ISP support Static translations) this its not possible in most of cases for remote users that are traveling, My question is if its possible to establish a IPSec Tunnel over IP private addressing without using “statics” to establish the VPN or if its possible to use other method available supported by Cisco VPN Client 3.0 that works with NAT or PAT, the idea of use VPN Client it because it the only application that run on MAC OS X and my customer require this support.

6 Replies 6

cjacinto
Cisco Employee
Cisco Employee

Unfortunately the current PIX code doesn't support the IPSec thru NAT functionality. It is already available on the client and currently supported on the

VPN 3000 concentrators but not as yet on the PIX code.

And what about udp encapsulation support on 6.2(1) release ?

Thanks

Renato

Hi,

what is the actual command syntax for UDP encapsulation in PIX 6.2(1). I am desparately looking for a solution to VPN tunnel through NAT/PAT to PIX.

regards,

maha

Hi Roberto

I try my inside network with PIX PAT to connect with Cisco Concentrator 3005 in same location, I can make vpn connection, phase II is fine, but I cannot make any network connection, like no NAT or PAT. What do you think my problem?

Thanks

ben

ATMEL

You have to use a nat 0 command for all data destined for the remote VPN tunnel otherwise your packets will get natted and not work.

I assume you are trying to vpn between your pix and your concentrator.

Check Cisco Security tips for examples of this.

If it is a client related problem,

ensure that the concentrator has UDP 10000 checked and your client properties is also checked for transparent NAT.

I also found that in some cases, TCP encapsulation available with later versions of the client didn't work as well as UDP encapsulation through PAT devices.

Finally ensure you are running the latest versions of the VPN software which is 3.5.3 for the concentrators and 3.5.2 for the client.

Hope this helps

Inti Shah

Boxing Orange

Hi guys,

hope i'm not too late for this topic, I'm having the same issue here.

VPN client 3.5.1 outside and tunnel to PIX 506, right now the client is using a global address, but if i put it inside our network behind a firewall with NAT and with an static private address, i can't create the tunnel at all. beside static mapping on the firewall, what other options do i have. are there any configuration that i could get around this issue?

any suggestion would be appreciate.