Re: Do we need to enable NAT -T on Local and Remote Firewalls

From: Jian Gu (guxiaojian@gmail.com)
Date: Mon Dec 01 2008 - 16:33:49 ARST

• Next message: Razzaq Shaikh: "OSPF Updates Restriction"
• Previous message: Jason Madsen: "Re: policing question"
• Maybe in reply to: Akber Ali Mirza: "Re: Do we need to enable NAT -T on Local and Remote Firewalls"
• Next in thread: Akber Ali Mirza: "Re: Do we need to enable NAT -T on Local and Remote Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

What do you mean by turn on NAT-T between internal firewall and remote VPN?
your internal firewall does not terminate IPsec, your IPsec VPN is between
PIX515E and Nortel VPN client. Besides, NAT-T is a one line global
configuration, you don't specify which IPsec peer to use NAT-T, once
enabled, IPsec will automatically detect NAT.

On Mon, Dec 1, 2008 at 5:19 AM, Akber Ali Mirza <akberali.cisco@gmail.com>wrote:

> Hi Experts,
>
> Could you please Answer the below query .
>
> ( I know this forum is not meant for other than CCIE LAB, I apologise for
> it)
>
> Best Regards,
> Akber Mirza.
>
> On Mon, Dec 1, 2008 at 2:04 PM, Akber Ali Mirza <akberali.cisco@gmail.com
> >wrote:
>
> > Hi ,
> >
> > I have IPSEC configured between local end -Cisco PIX 515E & Remote end
> > device - Nortel VPN box . Users from Local end use VPN
> >
> > to access Remote end applciations. But I am facing issues like VPN
> > disconnections ( 10 users out of 30) intermittently. After i perform
> clear
> > all the sessions from Cisco PIX firewall users who are facing problem are
> > able to connect back to the VPN with out any issues.
> >
> > My Network :-
> >
> > user PC ----> Coreswitch--> Netscreen Internal Firewall ----> Cisco PIX
> > External firewall 6.2OS ver----> ISP Provider -------> Remote end
> Nortel
> > VPN.
> >
> > When we checked with our vendor Cisco theya re suggesting us to enable
> > NAT-T between our Internal Firewall & Remote VPN to overcome this issue.
> >
> > Please let us know do we need this option to enable. Also let me know
> other
> > possibilities for causing this issue.
> >
> >
> > Thanks and Regards,
> > Akber Mirza.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Razzaq Shaikh: "OSPF Updates Restriction"
• Previous message: Jason Madsen: "Re: policing question"
• Maybe in reply to: Akber Ali Mirza: "Re: Do we need to enable NAT -T on Local and Remote Firewalls"
• Next in thread: Akber Ali Mirza: "Re: Do we need to enable NAT -T on Local and Remote Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:07 ARST