
VPN Client using NAT

oostveen
Level 1

Hi

I'm having trouble getting the following to work.

Cisco PIX 501 in main office.

Home user using an ADSL modem and connecting to the Internet using 10.0.0.x

PC: 10.0.0.150

ADSL Modem 10.0.0.135

When the public IP from the ADSL line is bridged to the PC I have no problem creating the VPN.

If the PC uses NAT to connect to the Internet I can't get the VPN to work.

Need some pointers.

thx

Jake

2 Replies

paddyxdoyle
Level 6

Are you using NAT traversal on the client?

In a nutshell NAT breaks IPSEC as

a) NAT changes port numbers in a packet, which means the checksums used as part of IPSEC differ when the packets reach the destination, and the packets are thus dropped

b) NAT can't see the port numbers when using ESP as they are encrypted and the new ESP header doesn't contain the port number so NAT fails and the packet won't get routed correctly.

Which client are you using?

NAT traversal is negotiated during IKE so you need to add the following entry to your IKE policy on your PIX:

isakmp nat-traversal

Let me know what client you are using, as if you are using Windows native IPSEC support then, depending on your OS, you either need to load the Microsoft NAT-T update (818043) or, if you have XP SP2, you need to change the registry to support NAT-T

HTH

Paddy

Also should have asked if you are using IPSEC??

Thanks

Paddy
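
As an added illustration (not part of the original thread, and not Cisco's code), this sketch shows how the NAT detection negotiated during IKE works per RFC 3947: each peer sends NAT-D hashes of the addresses it believes are in use, and the receiver compares them with what the packet actually carried. The cookies, the PIX address and the modem's public address and mapped port are constructed sample values; only 10.0.0.150 comes from the question.

```python
import hashlib
import ipaddress
import struct

def nat_d(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def payloads_sent(cky_i, cky_r, local, remote):
    """A peer sends the hash of the remote end first, then of its own address."""
    return [nat_d(cky_i, cky_r, *remote), nat_d(cky_i, cky_r, *local)]

def detect_nat(cky_i, cky_r, payloads, my_addr, observed_src):
    """Receiver-side comparison against what the packet actually looked like."""
    dest_hash, src_hashes = payloads[0], payloads[1:]
    return {
        "receiver_behind_nat": dest_hash != nat_d(cky_i, cky_r, *my_addr),
        "sender_behind_nat": nat_d(cky_i, cky_r, *observed_src) not in src_hashes,
    }

# Constructed sample values (cookies and public addresses are made up).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
PIX = ("203.0.113.10", 500)          # documentation-range address for the PIX
PC_PRIVATE = ("10.0.0.150", 500)     # the home PC from the question
PC_BRIDGED = ("198.51.100.7", 500)   # PC holding the public IP directly
NAT_MAPPED = ("198.51.100.7", 1024)  # what the PIX sees after the modem NATs

def pix_view(client_local, observed_src):
    """What the PIX concludes from the client's NAT-D payloads."""
    sent = payloads_sent(CKY_I, CKY_R, client_local, PIX)
    return detect_nat(CKY_I, CKY_R, sent, PIX, observed_src)

if __name__ == "__main__":
    print("bridged:", pix_view(PC_BRIDGED, PC_BRIDGED))
    print("NATed:  ", pix_view(PC_PRIVATE, NAT_MAPPED))
    # When either flag is true and both peers support NAT-T, IKE moves to
    # UDP 4500 and ESP is carried inside UDP so the NAT device has ports to map.
```

If the PIX side has not enabled `isakmp nat-traversal`, this detection is never negotiated and the NATed case fails the way the question describes.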