[c-nsp] pix vpn problem

Aaron Daubman daubman at gmail.com
Wed Sep 26 10:02:32 EDT 2007


Mark,


> A customer has a Cisco PIX (6.3) with remote users using
> the Cisco VPN client.  When they have two remote people
> behind the same NAT box (which we don't control, perhaps
> in a hotel) then only one of them can be connected at a
> time.  When the second tries to connect, the first gets
> disconnected.
>
> Is this likely to be a problem with the (unknown) NAT box,
> or on the PIX?  If on the PIX, is it fixable?


You'll likely want to enable NAT traversal on the PIX.

This doc is for ASA 7.2, but should apply to PIX 6.3 as well:
http://www.cisco.com/en/US/customer/docs/security/asa/asa72/command/reference/i3_72.html#wp1732264

It's been a while since I've done client-side VPN profile configs, but
I believe that if your profiles are set up using standard IPSec (not
pre-NAT-T Cisco UDP encap, or TCP encap), then NAT-T will work
automatically once enabled...

Hopefully the NAT device your users are behind is new enough to
support NAT-T as well.

Hope this helps,
     ~Aaron

