From: Tim Fletcher (tim@xxxxxxxxxxxxxx)
Date: Sat Sep 01 2001 - 15:53:53 GMT-3
I wouldn't be too quick to rule out PAT. PAT does not work with IPSEC because y
ou do not have TCP or UDP ports to map the connection. True NAT will work becau
se it does a 1:1 address mapping and does not require port numbers. When you us
e the VPN client with the 3000 series VPN concentrator (Altiga), you can tunnel
IPSEC over UDP which allows it to work with PAT. I don't think the PIX has the
same capability. I can't explain why it would work with your Linksys, as I've
never worked with one.
-Tim
At 05:46 PM 8/29/01 -0400, Joseph McEvoy wrote:
>Hello Group,
>
>I have installed a PIX running 6.01 and configured it for Cisco's latest VPN
>client 3.02. Anyway, it works like a charm except when the user is at a
>remote location with firewall. I don't believe this is a NAT/PAT issue, as I
>can connect from home using a Linksys router that is doing PAT. My only
>guess is that our PIX (the VPN termination point) is initiating an ISAKMP
>key exchange back to the client after the client goes through exchanging its
>key.
>
>Does anybody have a workaround, or at the very least can anybody confirm why
>this is happening?
>TIA -Joe McEvoy
>**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:13 GMT-3