[c-nsp] Cisco VPN Concentrator
Stevens, Brant I.
brant.stevens at hcmny.com
Thu Nov 10 10:53:21 EST 2005
I believe to use NAT Traversal, you will need to open UDP port 500 to
the concentrator as well. IIRC, doesn't the Cisco client also use port
4500?
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of kevin gannon
Sent: Thursday, November 10, 2005 10:24 AM
To: Bob Fronk
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco VPN Concentrator
Don't have a box in front of me, but if you are using clients that support
it I would advise using NAT Traversal:
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/config/tunnel.htm#wp1029463
Regards
Kevin
On 11/10/05, Bob Fronk <bfronk at davishelliot.com> wrote:
> How might I do that?
>
> Bob Fronk, MCSE
> bfronk at davishelliot.com
>
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin M.
> Streiner
> Sent: Thursday, November 10, 2005 10:09 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco VPN Concentrator
>
> On Thu, 10 Nov 2005, Bob Fronk wrote:
>
> > Cisco VPN 3000 Concentrator. If you are familiar with this product, you
> > know that it has two interfaces, one private and one public. I do
> > not wish to give this device a public internet address. I want to
> > place it behind my PIX.
>
> If I read your message correctly, you will run into problems because
> IPSEC does not like being NAT'd. Anything that scribbles on the
> headers of an IP packet (like NAT) will be problematic with IPSEC since
> the packet checksum would change. You can try to work around this using
> NAT Transparency.
>
> jms
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
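Added example (not part of the original thread and not Cisco code): a Python classifier for UDP payloads reaching the gateway on the two ports mentioned above, useful when checking a capture taken behind the firewall. It follows the RFC 3948 framing on port 4500 (four zero bytes before IKE, a single 0xFF keepalive, otherwise ESP); the function names and sample payloads are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"    # RFC 3948: precedes IKE on UDP 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 ISAKMP fixed header, 28 bytes
EXCHANGES = {2: "main-mode", 4: "aggressive", 5: "informational", 32: "quick-mode"}  # IKEv1

def parse_ike(data):
    """Parse the fixed ISAKMP header; return None if it is not plausible."""
    if len(data) < IKE_HDR.size:
        return None
    i_spi, _r_spi, _np, version, exch, _flags, _mid, length = IKE_HDR.unpack_from(data)
    if length < IKE_HDR.size or length > len(data):
        return None
    return {"kind": "ike", "version": f"{version >> 4}.{version & 0xF}",
            "exchange": EXCHANGES.get(exch, str(exch)), "initiator_spi": i_spi.hex()}

def classify(dst_port, payload):
    """Classify one UDP payload addressed to the VPN gateway."""
    if dst_port == 500:                  # plain IKE, before any NAT is detected
        return parse_ike(payload) or {"kind": "malformed"}
    if dst_port != 4500:
        return {"kind": "not-ipsec"}
    if payload == b"\xff":               # keeps the NAT mapping alive
        return {"kind": "nat-keepalive"}
    if payload[:4] == NON_ESP_MARKER:    # IKE that has floated to port 4500
        return parse_ike(payload[4:]) or {"kind": "malformed"}
    if len(payload) >= 8:                # ESP header: SPI (non-zero) + sequence
        spi, seq = struct.unpack_from("!II", payload)
        return {"kind": "esp-in-udp", "spi": f"{spi:#010x}", "seq": seq}
    return {"kind": "malformed"}

def sample_ike(exchange):
    # Constructed header-only IKEv1 message (version byte 0x10, length 28).
    return IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, exchange, 0, 0, IKE_HDR.size)

SAMPLES = [  # constructed (dst_port, payload) pairs, not captured traffic
    (500, sample_ike(2)),
    (4500, NON_ESP_MARKER + sample_ike(4)),
    (4500, struct.pack("!II", 0x1A2B3C4D, 7) + b"\x00" * 16),
    (4500, b"\xff"),
]

if __name__ == "__main__":
    for port, payload in SAMPLES:
        print(port, classify(port, payload))
```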