[c-nsp] Cisco VPN Concentrator
kevin gannon
kevin at gannons.net
Thu Nov 10 10:23:43 EST 2005
Dont have a box in front of me but if you are using clients
that support it I would advise using NAT Traversal:
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/config/tunnel.htm#wp1029463
Regards
Kevin
On 11/10/05, Bob Fronk <bfronk at davishelliot.com> wrote:
> How might I do that?
>
> Bob Fronk, MCSE
> bfronk at davishelliot.com
>
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin M.
> Streiner
> Sent: Thursday, November 10, 2005 10:09 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco VPN Concentrator
>
> On Thu, 10 Nov 2005, Bob Fronk wrote:
>
> > Cisco VPN 3000 Concentrator. If you are familiar with this product,
> you
> > know that it has two interfaces, one private and one public. I do not
> > wish to give this device a public internet address. I want to place
> it
> > behind my PIX.
>
> If I read your message correctly, you will run into problems because
> IPSEC
> does not like being NAT'd. Anything that scribbles on the headers of an
>
> IP packet (like NAT) will be problematic with IPSEC since the packet
> checksum would change. You can try to work around this using NAT
> Transparency.
>
> jms
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list