Solved

Sonicwall VPN through a PIX 501

Posted on 2004-08-07
1
815 Views
Last Modified: 2013-11-16
I have searched every answer here and everything that I can find a Cisco. I even bought a Command Reference book but I am still at a loss.
I have a client inside my network that need to VPN to an outside server. I seem to be able to connect to the server and authenticate but I am not drawing a valid IP address. Hence I cannot connect to anything on the other network. This workstation works fine when I put it outside of the 501.
I have tried a static translation to the workstation. I have even tried allowing any IP inbound in the access list hoping just to prove to myself that I just don't have the right ports open.
Everything I read says that 6.3(3) supports IPSEC passthrough but I can't find an example that I can follow...even on the Cisco site. Can somebody...anybody tell me where to find documentation on how to set this up.
0
Comment
Question by:jonapp
1 Comment
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 11744149
You have two optoins.
1. Setup 1-to-1 static nat for that workstation to have a public IP all to itself
2. Enable isakmp nat-transparency:

          isakmp nat-traversal 30


0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now