[c-nsp] Cisco VPN Concentrator

kevin gannon kevin at gannons.net
Thu Nov 10 11:00:24 EST 2005


For NAT traversal, what port is the client set up to use? For the
Cisco client you must manually turn it on. For the older code
the port was TCP 10000 or 10001, can remember for sure. To
turn it on under the client: it's under the Transport tab of the
client's configuration. You also have the option for UDP traversal
in newer clients.

Regards
Kevin

On 11/10/05, Bob Fronk <bfronk at davishelliot.com> wrote:
> I have those ports open to the Concentrator.
>
> I have also enabled nat-t on the client and concentrator and still get
> the same errors.
>
> I think I will just hang the concentrator off a public IP on the edge
> router and be done with it.
>
> Bob Fronk, MCSE
> bfronk at davishelliot.com
>
>
>
>
> -----Original Message-----
> From: Stevens, Brant I. [mailto:brant.stevens at hcmny.com]
> Sent: Thursday, November 10, 2005 10:53 AM
> To: kevin gannon; Bob Fronk
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Cisco VPN Concentrator
>
> I believe to use NAT Traversal, you will need to open UDP port 500 to
> the concentrator as well.  IIRC, doesn't the Cisco client also use port
> 4500?
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of kevin gannon
> Sent: Thursday, November 10, 2005 10:24 AM
> To: Bob Fronk
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco VPN Concentrator
>
> Don't have a box in front of me but if you are using clients that support
> it I would advise using NAT Traversal:
>
> http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/config/tunnel.htm#wp1029463
>
> Regards
> Kevin
>
> On 11/10/05, Bob Fronk <bfronk at davishelliot.com> wrote:
> > How might I do that?
> >
> > Bob Fronk, MCSE
> > bfronk at davishelliot.com
> >
> >
> >
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin M. Streiner
> > Sent: Thursday, November 10, 2005 10:09 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Cisco VPN Concentrator
> >
> > On Thu, 10 Nov 2005, Bob Fronk wrote:
> >
> > > Cisco VPN 3000 Concentrator.  If you are familiar with this product, you
> > > know that it has two interfaces, one private and one public.  I do
> > > not wish to give this device a public internet address.  I want to
> > > place it behind my PIX.
> >
> > If I read your message correctly, you will run into problems because
> > IPSEC does not like being NAT'd.  Anything that scribbles on the
> > headers of an IP packet (like NAT) will be problematic with IPSEC since
> > the packet checksum would change.  You can try to work around this
> > using NAT Transparency.
> >
> > jms
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
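
Added example, not written by anyone in this thread: a simplified Python model of why an address-rewriting NAT breaks an integrity check that covers the IP header, while ESP carried in UDP (the NAT traversal on port 4500 mentioned above) still verifies. The packet dictionaries, the key, the documentation-range addresses and the translated port 31044 are constructed for illustration and are not real wire formats or values from the thread.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # constructed value, not a real SA key

def icv(data: bytes) -> bytes:
    """Integrity check value: HMAC-SHA1 truncated to 96 bits."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def packed(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed

def ah_packet(src: str, dst: str, payload: bytes) -> dict:
    # AH-style protection: the ICV covers the outer source and destination
    # addresses as well as the payload.
    return {"src": src, "dst": dst, "payload": payload,
            "icv": icv(packed(src) + packed(dst) + payload)}

def ah_verify(pkt: dict) -> bool:
    expected = icv(packed(pkt["src"]) + packed(pkt["dst"]) + pkt["payload"])
    return hmac.compare_digest(pkt["icv"], expected)

def esp_udp_packet(src: str, dst: str, sport: int, payload: bytes) -> dict:
    # ESP-in-UDP: the ICV covers only the ESP part (SPI, sequence, data);
    # the outer IP and UDP headers are left unauthenticated.
    esp = b"\x00\x00\x10\x01" + b"\x00\x00\x00\x01" + payload
    return {"src": src, "dst": dst, "sport": sport, "dport": 4500,
            "esp": esp, "icv": icv(esp)}

def esp_verify(pkt: dict) -> bool:
    return hmac.compare_digest(pkt["icv"], icv(pkt["esp"]))

def nat(pkt: dict, public_ip: str, public_port=None) -> dict:
    """Rewrite the source address (and UDP source port, if any) as a NAT/PAT device does."""
    out = dict(pkt, src=public_ip)
    if public_port is not None and "sport" in out:
        out["sport"] = public_port
    return out

def demo() -> tuple:
    ah = nat(ah_packet("192.168.1.10", "203.0.113.5", b"data"), "198.51.100.7")
    esp = nat(esp_udp_packet("192.168.1.10", "203.0.113.5", 4500, b"data"),
              "198.51.100.7", 31044)
    return ah_verify(ah), esp_verify(esp)

if __name__ == "__main__":
    print(demo())
```
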


