[c-nsp] Cisco VPN Concentrator
Justin M. Streiner
streiner at cluebyfour.org
Thu Nov 10 10:09:18 EST 2005
On Thu, 10 Nov 2005, Bob Fronk wrote:
> Cisco VPN 3000 Concentrator. If you are familiar with this product, you
> know that it has two interfaces, one private and one public. I do not
> wish to give this device a public internet address. I want to place it
> behind my PIX.
If I read your message correctly, you will run into problems because IPSEC
does not like being NAT'd. Anything that scribbles on the headers of an
IP packet (like NAT) will be problematic with IPSEC since the packet
checksum would change. You can try to work around this using NAT
Transparency.
jms
More information about the cisco-nsp
mailing list