
VPN issue: ISP assigned me a private IP address

cwelhous
Level 1

Hi all,

Internet => VPN 3015 Concentrator => Headquarters

VPN Client remote users connected to the internet using a private IP address supplied by the ISP (cable) can establish a VPN tunnel, but they can't ping our private network.

The only way to get the VPN to work is when remote users use a public IP.

Is this a Cisco VPN Client issue? Or does it have a solution...

Thanks in advance,

Regards,

Carlos Welhous

Network Engineer

Accepted Solutions

r.state
Level 1

Hi Carlos,

If your ISP has given you a private address, they must be using NAT - in which case you will need to enable NAT-T on the VPN concentrator.

To configure NAT-T globally, go to the Configuration | System | Tunneling Protocols | IPSec | NAT Transparency screen and check the IPSec over NAT-T check box.
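
To confirm in a packet capture that NAT-T is really being used after enabling it, the sketch below is an added example (not part of the original thread and not Cisco code). It assumes standards-based NAT-T as defined in RFC 3947/3948, where IKE and ESP share UDP port 4500, and the sample packets are constructed.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: precedes IKE messages on UDP 4500
IKE_HEADER_LEN = 28            # fixed ISAKMP/IKE header size

def classify_natt_payload(payload: bytes) -> str:
    """Classify the UDP payload of a port-4500 datagram per RFC 3948."""
    if payload == b"\xff":
        return "nat-keepalive"             # one-octet keepalive holding the NAT mapping open
    if len(payload) < 8:
        return "malformed"
    if payload[:4] == NON_ESP_MARKER:      # an ESP SPI is never zero, so zero means IKE
        return "ike" if len(payload) >= 4 + IKE_HEADER_LEN else "malformed"
    return "esp-in-udp"                    # non-zero SPI + sequence number: tunnel data

def diagnose(packets):
    """packets: (ip_protocol, udp_dst_port, payload) tuples taken from a capture."""
    seen = Counter()
    for proto, dport, payload in packets:
        if proto == 50:
            seen["native-esp"] += 1
        elif proto == 17 and dport == 500:
            seen["ike-500"] += 1
        elif proto == 17 and dport == 4500:
            seen[classify_natt_payload(payload)] += 1
    if seen["esp-in-udp"]:
        verdict = "NAT-T in use: tunnel data is UDP-encapsulated"
    elif seen["native-esp"]:
        verdict = "NAT-T not in use: tunnel data is native ESP (IP protocol 50)"
    elif seen["ike-500"] or seen["ike"]:
        verdict = "IKE only: no tunnel data seen"
    else:
        verdict = "no IPsec traffic seen"
    return verdict, dict(seen)

# Constructed sample captures (not from the thread).
ESP = struct.pack("!II", 0x1A2B3C4D, 1) + b"\x00" * 16
IKE = b"\x11" * IKE_HEADER_LEN
WITH_NATT = [(17, 500, IKE), (17, 4500, NON_ESP_MARKER + IKE),
             (17, 4500, ESP), (17, 4500, ESP), (17, 4500, b"\xff")]
WITHOUT_NATT = [(17, 500, IKE), (50, None, ESP)]

if __name__ == "__main__":
    for name, capture in (("with NAT-T", WITH_NATT), ("without NAT-T", WITHOUT_NATT)):
        print(name, "->", diagnose(capture))
```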

It works....Thanks a lot, Rowan.

Also at this point, in what case can I use the IPSec over TCP option?

Regards,

Carlos Welhous

Hi Carlos,

Glad the solution worked.

You use IPSec over TCP in scenarios where UDP cannot be used - typically if you need to traverse a firewall that doesn't permit UDP. Some firewall administrators prefer not to permit UDP as it is a connectionless protocol and firewalls trust that a UDP packet will return within a specified time period rather than the structured operation of TCP (i.e. SYN, ACK, RST, FIN, etc.).

Regards,

Rowan

Hi Rowan,

I have a similar problem. Can I run NAT-T on a Cisco 3600 router? I cannot create a tunnel due to the same circumstances. I need a tunnel from a 3600 to a 2600 but the 2600 has a private IP address due to the vendor running NAT.

(10.10.0.0)cisco 2600(65.203.xx.xx) <--> internet <--> (66.82.xx.xx)win 2000 router w/nat(192.168.0.1) <-1 hop-> (192.168.0.2)cisco 2600(10.195.0.1)

I configured NAT-T as specified but it is still not working. What must you do on the client? I see the client coming in on the concentrator; it does recognize that it is behind a NAT, but still no connection can be made. I see the group login ID being sent but then it just stops?

I did the same thing but it is still not working.

Anything else to look for?