[c-nsp] Cisco VPN Concentrator
Bob Fronk
bfronk at davishelliot.com
Thu Nov 10 10:14:07 EST 2005
How might I do that?
Bob Fronk, MCSE
bfronk at davishelliot.com
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin M.
Streiner
Sent: Thursday, November 10, 2005 10:09 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco VPN Concentrator
On Thu, 10 Nov 2005, Bob Fronk wrote:
> Cisco VPN 3000 Concentrator. If you are familiar with this product,
you
> know that it has two interfaces, one private and one public. I do not
> wish to give this device a public internet address. I want to place
it
> behind my PIX.
If I read your message correctly, you will run into problems because
IPSEC
does not like being NAT'd. Anything that scribbles on the headers of an
IP packet (like NAT) will be problematic with IPSEC since the packet
checksum would change. You can try to work around this using NAT
Transparency.
jms
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list