Firewall Wizards mailing list archives
pix 515 vpn client using PAT
From: "Daniel Handley" <daniel () homepage net>
Date: Tue, 10 Jul 2001 15:35:40 +0100
i have upgraded my pix 515 to version 6.01 in the hope of using vpn client 3 from multiple platforms. i have succeeded so far in that it works from an open connection but not from behind a PAT router (W2K server running nat from home with a cable modem). the current config for the vpn client is below. i also have four other sites connected, some fully meshed the others hub and spoke. i use the access list for these in the config. is there something missing that will enable the use of PAT to the pix. i have enabled the client but it times out. dan crypto ipsec transform-set hpvpn esp-des esp-md5-hmac crypto dynamic-map dynvpn 50 set transform-set hpvpn crypto map map2 50 ipsec-isakmp dynamic dynvpn isakmp client configuration address-pool local ippool outside isakmp policy 20 authentication pre-share isakmp policy 20 encryption des isakmp policy 20 hash md5 isakmp policy 20 group 2 isakmp policy 20 lifetime 1000 vpngroup test address-pool ippool vpngroup test dns-server 10.200.100.200 vpngroup test wins-server 10.200.100.200 vpngroup test split-tunnel 100 vpngroup test idle-time 1800 vpngroup test password ******** Daniel Handley Infrastructure Manager, HomePage Ltd Tel: 020 8880 4570 Fax: 020 8880 4328 mailto:daniel () homepage net http://www.homepage.net _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- pix 515 vpn client using PAT Daniel Handley (Jul 11)
- Re: pix 515 vpn client using PAT Eric Vyncke (Jul 17)
- <Possible follow-ups>
- Re: pix 515 vpn client using PAT Scott C. Best (Jul 18)