Pass Client to Site IPSec VPN Tunnell Through Pix 6.3x

I am trying to allow a client to site VPN tunnell through a PIX Firewall (version 6.3x).  Can anyone shed any light?
LVL 1
jhartlovAsked:
Who is Participating?
 
lrmooreConnect With a Mentor Commented:
Depends. What client are they using?
Do you have your own VPN configuration for external users to VPN in, or have a site-site VPN tunnel?

2 things to try:
 isakmp nat-traversal 20  <== other end must be setup to allow allow clients to use nat-traversal
 fixup protocol ike-esp <== can't use this if you also have VPN's on your PIX

Else, give this client a 1-1 static nat if you have enough public IP addresses.
0
 
jhartlovAuthor Commented:
I am using this to terminate site to site tunnels as well as to terminate client to site tunnels.  Not looking good?
0
 
jhartlovAuthor Commented:
Would it be easier if I were to upgrade this box to PIX v7?
0
 
lrmooreCommented:
7.0 does not provide any advantage in this regard.
What client software are they using? A 1-1 static nat will fix the issue..
0
 
jhartlovAuthor Commented:
isakmp nat-traversal on the other end did the trick!  Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.