Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
0
Helpful
6
Replies

Who can confirm if VPN with Nat/Pat is working with PIX fireall or not?

david.xu
Level 1
Level 1

‎01-20-2003 12:26 PM - edited ‎02-21-2020 12:17 PM

I read many post here about the transparent VPN, PC with NAT/PAT through VPN. I saw most people said if client with a private IP address and nated/pated, then connect to PIX by IPSEC VPN, it won't work, only VPN concentrator working with this transaparent VPN.

But as I tested , I use cisco vpn client 3, PIX firewall, cisco router with NAT, it is working fine, no problem. I only tried on VPN cleint through nat and vpn to pix, not sure if there are over 1 vpn client connect pix by PAT with same ip address, what will happen.

Is there anyone can confirm if VPN with NAT/PAT working with pix?

Thanks,

David

Labels:
0 Helpful
6 Replies 6

Nick.liang
Level 1
Level 1

‎01-21-2003 01:39 AM

if you try the secondary vpn client , the first one will disconnected

you must change pix instead of concentrator ( ipsec nat transparency )

or router with IOS support "ipsec nat transparency "

0 Helpful

ovt
Level 4
Level 4

‎01-21-2003 05:26 AM

PIX will probably support NAT-T (IpSec/UDP) in the 6.3 release and PAT

will work with multiple clients.

Oleg Tipisov,

REDCENTER

0 Helpful

ANGELO DE MASI
Level 1
Level 1
In response to ovt

‎01-31-2003 01:34 AM

Hi,

do u mean that PIX 525 rel. 6.1 doesn't support NAT trasparency/ transparent tunnelling at all?

I'm trying to connect VPN Clinet 3.6.3 behind a cisco NAT/PAT router to a central PIX 525 and it doesn't work ! So I have no chances to make it working?

I can't enable tranparent tunneling on my PIX, is it true?

thanks in advance fro your reply

bye angelo

0 Helpful

david.xu
Level 1
Level 1
In response to ANGELO DE MASI

‎01-31-2003 11:20 AM

Hi, Angelo

I just finish a PIX515, with version6.1 . I can connect VPN client 3.6 from my office behind a cisco router NAT/PAT with no problem to PIX. Let me know how you configure the vpn in PIX. As I know Cisco vpn client is using group 2, not group 1, that's the problem I figure out before.

David

0 Helpful

daniel.kline
Level 1
Level 1
In response to david.xu

‎02-04-2003 11:32 AM

I believe the VPN client will work through NAT/PAt if you select IPSec over TCP/UDP.

0 Helpful

ajagadee
Cisco Employee
Cisco Employee
In response to ANGELO DE MASI

‎01-31-2003 04:55 PM

Hi,

Yes, you are right!! As of today, the pix does not support NAT Transparency and Pix 6.3 version will have the support for IPSec Over UDP.

BTW, 6.3 should be tentatively out sometime around March/April.

Regards,

Arul

0 Helpful
Customers Also Viewed These Support Documents