RE: OT- NAT-Traversal thro PIX

From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Fri May 12 2006 - 11:34:18 ART


I didn't see a response to this so I'll post one.

It sounds like you have the concept of NAT-T a little backwards. By your
post, it sounds like your client is behind the PIX you are configuring NAT-T
on. This is not correct if so. NAT-T must be supported on the far end
device, not the local device.

There are several possible reasons why your VPN connection isn't working.
Be sure the necessary ports are open: 500 and 4500 (and sometimes 10000 is
used) and also make sure the protocols ESP and/or AH are allowed in from the
outside. I usually use "permit esp any any" in the ACL assigned to the
outside interface. You could also try setting the client to use UDP rather
than TCP.

HTH

Rik
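Rik's checklist written out as PIX 6.3 configuration, as an added example that is not from either post. It assumes the PIX is itself the IPsec endpoint (the only case in which `isakmp nat-traversal` has an effect), that its outside address is 203.0.113.10 (a documentation address) and that the outside access list is named outside_in; both names are made up for the example. ASA 7.0 accepts the same `isakmp` and `sysopt` keywords; later ASA releases prefix the isakmp commands with `crypto`.

```cisco
! Added example (editor's, not from the thread). Assumes the VPN endpoint's
! public address is 203.0.113.10 and the outside ACL is named outside_in.
!
! IKE negotiation (UDP/500, service name "isakmp")
access-list outside_in permit udp any host 203.0.113.10 eq isakmp
! NAT-T: once NAT is detected, IKE and UDP-encapsulated ESP both move here
access-list outside_in permit udp any host 203.0.113.10 eq 4500
! Cisco VPN Client "IPsec over TCP" default port; only needed if the client
! is set to TCP transport rather than UDP
access-list outside_in permit tcp any host 203.0.113.10 eq 10000
! Raw ESP/AH for peers that are not behind NAT (no UDP encapsulation)
access-list outside_in permit esp any host 203.0.113.10
access-list outside_in permit ah any host 203.0.113.10
access-group outside_in in interface outside
!
! Let traffic arriving through an IPsec tunnel bypass the interface ACL
! (the "sysopt permit ipsec" command from the original post, in full)
sysopt connection permit-ipsec
!
! Enable NAT-T for tunnels terminating on this box; send keepalives every 20 s
isakmp nat-traversal 20
```

When the VPN endpoint is instead a client on the inside, as in the original post, these inbound lines are not what carries the session: the client's datagrams leave through PAT on the outside address, and the replies on UDP 500 and 4500 match the existing translation. Raw ESP carries no port number for PAT to rewrite, which is exactly what NAT-T's UDP/4500 encapsulation exists to avoid.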

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mohamed.N
Sent: Friday, May 05, 2006 5:17 AM
To: ccielab@groupstudy.com
Subject: OT- NAT-Traversal thro PIX

Hi All

Sorry for OT.

We did a nat-traversal config in PIX and ASA. Both are not working.

The scenario is, there is an internal interface in PIX, which has a private
IP. A machine in this segment has to dial VPN to an outside VPN server. For this
we have to configure the nat-traversal feature in PIX. The client is Cisco VPN
Client.
I searched for the command and it is only one command

isakmp nat-traversal

The machine is unable to connect VPN. But if we bypass the PIX, it is
connecting and working fine.

If I use a public IP for the inside interface and assign a public IP to the
machine, then I am able to dial VPN through PIX.
I tried with PAT and one-to-one NAT, both don't work.
I have the sysopt permit ipsec command also on the outside interface and enabled
isakmp in the inside segment.
Is there any other command or any issues to look in to ?

I tried with ASA also, same problem. Version of PIX is 6.3 and ASA is 7.0.

Regards
Mohamed.
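What the two ports in Rik's checklist actually carry, as an added example (editor's code, not from either post): a small classifier for the UDP datagrams of an IKE/IPsec session. IKE starts on UDP/500; once the peers detect NAT they move to UDP/4500, where each datagram is either IKE prefixed by a four-byte zero "non-ESP marker", UDP-encapsulated ESP (SPI and sequence number first), or a one-byte keepalive. The header layouts follow RFC 2408 (ISAKMP) and RFC 3948 (UDP encapsulation); the SPIs and the sample session are constructed for illustration, not captured traffic.

```python
"""Classify the UDP datagrams of an IKE/IPsec session and report whether
NAT-T carried it.  Added example, not from the original thread.  Layouts
follow RFC 2408 (ISAKMP header) and RFC 3948 (UDP-encapsulated ESP); the
SPIs and the sample session below are constructed for illustration."""
import struct

IKE_PORT = 500
NATT_PORT = 4500
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # prefixes IKE on 4500 (RFC 3948 s2.2)
NAT_KEEPALIVE = b"\xff"               # one-byte keepalive on 4500 (RFC 3948 s2.3)
IKE_HEADER_LEN = 28

IKEV1_EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode",
                   5: "Informational", 32: "Quick Mode"}


def parse_ike_header(data):
    """Return (major version, exchange name) from a raw ISAKMP header, or None."""
    if len(data) < IKE_HEADER_LEN:
        return None
    (_ispi, _rspi, _next, version, exchange,
     _flags, _msg_id, _length) = struct.unpack("!QQBBBBII", data[:IKE_HEADER_LEN])
    major = version >> 4
    if major == 1:
        return major, IKEV1_EXCHANGES.get(exchange, f"exchange {exchange}")
    return major, f"exchange {exchange}"


def classify(port, payload):
    """Label one datagram.  `port` is the well-known server-side port (500 or
    4500) the datagram is associated with, whichever direction it travels."""
    if port == IKE_PORT:
        hdr = parse_ike_header(payload)
        return f"IKE {hdr[1]}" if hdr else "malformed"
    if port == NATT_PORT:
        if payload == NAT_KEEPALIVE:
            return "NAT-keepalive"
        if payload.startswith(NON_ESP_MARKER):
            # Four zero bytes cannot be an ESP SPI (SPI 0 is reserved), so
            # this is IKE moved onto 4500 after NAT was detected.
            hdr = parse_ike_header(payload[len(NON_ESP_MARKER):])
            return f"IKE {hdr[1]} (NAT-T)" if hdr else "malformed"
        if len(payload) >= 8:
            spi, seq = struct.unpack("!II", payload[:8])
            if spi != 0:
                return f"ESP-in-UDP spi=0x{spi:08x} seq={seq}"
        return "malformed"
    return "other"


def summarize(datagrams):
    """Classify a whole session and say whether NAT-T carried it.  A session
    that stays on 500 and never shows ESP-in-UDP will run raw ESP (IP protocol
    50), which has no port numbers for PAT to rewrite."""
    labels = [classify(port, payload) for port, payload in datagrams]
    natt = any(port == NATT_PORT and lbl.startswith(("IKE", "ESP"))
               for (port, _), lbl in zip(datagrams, labels))
    ike = any(lbl.startswith("IKE") for lbl in labels)
    return {"labels": labels, "ike_seen": ike, "natt_in_use": natt,
            "raw_esp_expected": ike and not natt}


def ike_header(exchange, rspi=0):
    """Build a minimal IKEv1 header (constructed test data, not a real packet)."""
    return struct.pack("!QQBBBBII", 0x1122334455667788, rspi,
                       1, 0x10, exchange, 0, 0, IKE_HEADER_LEN)


# Constructed session: Aggressive Mode on 500, then Quick Mode and ESP on 4500,
# i.e. what a client behind PAT produces when NAT-T negotiates successfully.
SAMPLE_SESSION = [
    (IKE_PORT, ike_header(4)),
    (IKE_PORT, ike_header(4, rspi=0x99)),
    (NATT_PORT, NON_ESP_MARKER + ike_header(32, rspi=0x99)),
    (NATT_PORT, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16),
    (NATT_PORT, NAT_KEEPALIVE),
]

if __name__ == "__main__":
    result = summarize(SAMPLE_SESSION)
    for (port, _), label in zip(SAMPLE_SESSION, result["labels"]):
        print(f"udp/{port:<5} {label}")
    print({k: v for k, v in result.items() if k != "labels"})
```

Feed it the UDP payloads from a capture taken on the PIX's outside interface: if the session never leaves port 500 and no ESP-in-UDP appears, the tunnel is trying to run raw ESP through the PAT, which is the case Rik's `permit esp` line covers on an endpoint but which a port translation cannot carry.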




This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART