List: vpn
Subject: [VPN] Re: Cisco VPN client connecting through NAT
From: "Dawson, Dana" <Dana.Dawson () qwest ! com>
Date: 2005-11-22 17:50:04
Message-ID: E45AF363FFED68408920984A74DE338F177933 () itomae2km08 ! AD ! QINTRA ! COM
You need to enable the "nat-traversal" feature in the PIX with the "isakmp nat-traversal" command. This will allow the PIX to do automatic NAT detection and encapsulate the ESP traffic in a UDP packet on port 4500, so you may also have to open that port (UDP/4500) in your firewall. NAT Traversal is a proposed standard and is a very good thing. It's on by default in newer Cisco IOS routers, but for some reason it's not on by default in the PIX and the VPN 3000 series - go figure. This should fix the "one user at a time" issue, which is usually a limitation on the firewall/NAT device that the users are behind and not the PIX terminating the VPN sessions, and NAT-T is the preferred workaround.
HTH - Good luck!
Dana
--
Dana J. Dawson Dana.Dawson@qwest.com
Sr. Staff Engineer CCIE #1937
Qwest Communications
600 Stinson Blvd., Suite 1S
Minneapolis MN 55413-2620
"Hard is where the money is."
-----Original Message-----
From: vpn-bounces+djdawso=qwest.com@lists.shmoo.com on behalf of Venkat Kaushik
Sent: Tue 11/22/2005 10:47 AM
To: vpn@lists.shmoo.com
Subject: [VPN] Cisco VPN client connecting through NAT
Hello everyone,
Two weeks ago we changed our firewall from Checkpoint to Cisco PIX (we have a
PIX 515E ver 6.3) and we are having a problem with VPN.
We are using Cisco VPN client 4.X (Windows XP) connecting through a Linux
firewall (iptables) with NAT. This client-side configuration was working
fine up until we changed to PIX from the Checkpoint firewall. Only one client
can connect at a time. I need some help.
Venkat.
_______________________________________________
VPN mailing list
VPN@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
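To check from a capture that NAT-T is actually in use after the change described in this thread, the following added example (not part of either post) classifies UDP/4500 payloads using the RFC 3948 framing: a single 0xFF byte is a NAT keepalive, four zero bytes mark IKE, and anything else is ESP carried in UDP. The function names and the sample datagrams are constructed for illustration; each client behind the NAT should show up under its own translated source port.

```python
import struct
from collections import Counter

NATT_PORT = 4500               # UDP port named in the post
NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: precedes IKE messages on port 4500
IKE_HEADER_LEN = 28            # fixed ISAKMP header size

def classify_natt_payload(payload: bytes) -> dict:
    """Classify one UDP/4500 payload using the RFC 3948 framing rules."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER_LEN:
            return {"kind": "malformed"}
        icookie, _rcookie, _np, _ver, exch, _flags, _mid, length = struct.unpack(
            "!8s8sBBBBII", ike[:IKE_HEADER_LEN])
        return {"kind": "ike", "initiator_cookie": icookie.hex(),
                "exchange_type": exch, "length": length}
    # Anything else is ESP: a non-zero SPI followed by a sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}

def summarize(datagrams):
    """Count payload kinds per NAT-translated source (ip, port)."""
    seen = {}
    for src, dport, payload in datagrams:
        if dport != NATT_PORT:
            continue  # not NAT-T traffic
        kind = classify_natt_payload(payload)["kind"]
        seen.setdefault(src, Counter())[kind] += 1
    return seen

# Constructed sample: two clients behind one NAT address (documentation range).
IKE_PKT = (NON_ESP_MARKER + bytes(range(8)) + bytes(8)
           + bytes([1, 0x10, 4, 0]) + struct.pack("!II", 0, 28))
ESP_PKT = struct.pack("!II", 0xC0FFEE01, 7) + bytes(16)
SAMPLE = [
    (("203.0.113.10", 1027), 4500, IKE_PKT),
    (("203.0.113.10", 1027), 4500, ESP_PKT),
    (("203.0.113.10", 1031), 4500, ESP_PKT),
    (("203.0.113.10", 1031), 4500, b"\xff"),
    (("203.0.113.10", 1031), 53, b"ignored"),
]

if __name__ == "__main__":
    for src, kinds in summarize(SAMPLE).items():
        print(src, dict(kinds))
```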