[c-nsp] Cisco VPN Concentrator

Justin M. Streiner streiner at cluebyfour.org
Thu Nov 10 10:09:18 EST 2005

On Thu, 10 Nov 2005, Bob Fronk wrote:

> Cisco VPN 3000 Concentrator.  If you are familiar with this product, you
> know that it has two interfaces, one private and one public.  I do not
> wish to give this device a public internet address.  I want to place it
> behind my PIX.

If I read your message correctly, you will run into problems because IPSEC 
does not like being NAT'd.  Anything that scribbles on the headers of an 
IP packet (like NAT) will be problematic with IPSEC since the packet 
checksum would change.  You can try to work around this using NAT 


More information about the cisco-nsp mailing list