VPN Pass through

rremu
Level 1

Hello,

I have a Cisco VPN client (4.0.2) that needs to terminate a VPN connection on a PIX 501 (6.3). The VPN client is sitting behind a PIX 525 (6.2) using PAT. I have the following entries. What am I doing wrong on the PIX 535?

static (inside,outside) XX.XX.194.155 10.0.254.22 netmask 255.255.255.255

nat (inside) 0 10.0.254.22 255.255.255.255

access-list INbound

access-list inbound permit esp host xx.xx.0.216 host xx.xx.194.155

access-list inbound permit udp host xx.xx.0.216 host xx.xx.194.155 eq isakmp

Access-list outbound

access-list outbnd permit udp host 10.0.254.22 host xx.xx.0.216 eq isakmp

access-list outbnd permit esp host 10.0.254.22 host xx.xx.0.216

I'm gonna rip my hair out soon! Please help

1 Reply

Not applicable

Network Address Translation (NAT), including Port Address Translation (PAT), is used in many networks where IPSec is also used, but there are a number of incompatibilities that prevent IPSec packets from successfully traversing NAT devices. NAT traversal enables ESP packets to pass through one or more NAT devices.

To enable NAT traversal, check that ISAKMP is enabled (you can enable it with the isakmp enable if_name command) and then use the isakmp nat-traversal [natkeepalive] command.
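Added example, not part of the reply above and not Cisco code: a Python sketch of why UDP encapsulation lets ESP survive PAT, and how the receiving peer tells IKE, ESP and the NAT keepalive apart. It assumes the standard NAT-T framing from RFC 3948 on UDP port 4500, which the thread does not state; the ESP packet and the translated port are constructed sample values.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4   # precedes IKE messages on the NAT-T port (RFC 3948)
IKE_HEADER_LEN = 28            # fixed ISAKMP header size

def classify(payload):
    """Classify the payload of a UDP datagram on the NAT-T port."""
    if payload == b"\xff":
        return "nat-keepalive"  # single 0xFF octet keeps the NAT/PAT mapping alive
    if payload[:4] == NON_ESP_MARKER:
        return "ike" if len(payload) >= 4 + IKE_HEADER_LEN else "invalid"
    # Anything else must start with a non-zero ESP SPI plus a sequence number.
    return "esp-in-udp" if len(payload) >= 8 else "invalid"

def encapsulate(payload, sport=4500, dport=4500):
    """Prepend a UDP header; RFC 3948 says the IPv4 checksum SHOULD be zero."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def pat_rewrite(datagram, new_sport):
    """What a PAT device does to the UDP header: swap the source port only.
    Raw ESP has no port field, which is why PAT cannot track it."""
    _, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    return struct.pack("!HHHH", new_sport, dport, length, csum) + datagram[8:]

def decapsulate(datagram):
    """Return (kind, inner bytes) as the receiving IPsec peer sees them."""
    _, _, length, _ = struct.unpack("!HHHH", datagram[:8])
    payload = datagram[8:length]
    kind = classify(payload)
    if kind == "ike":
        return kind, payload[4:]   # strip the non-ESP marker
    if kind == "esp-in-udp":
        return kind, payload
    return kind, b""

# Constructed sample: SPI 0x1A2B3C4D, sequence 1, 16 bytes standing in for ciphertext.
SAMPLE_ESP = struct.pack("!II", 0x1A2B3C4D, 1) + bytes(range(16))

def demo():
    """Encapsulate ESP, pass it through PAT (port 31027 is made up), decapsulate."""
    wire = pat_rewrite(encapsulate(SAMPLE_ESP), new_sport=31027)
    return decapsulate(wire)

if __name__ == "__main__":
    kind, inner = demo()
    print(kind, inner == SAMPLE_ESP)
```
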
