[c-nsp] How do I get VPN access through a PIX
Brant I. Stevens
branto at branto.com
Tue Oct 11 16:30:59 EDT 2005
I think in order to have the clients access a VPN head-end elsewhere, via
the PIX, you're looking for the isakmp fixup functionality. I believe that
because available in version 6.3.3 of the PixOS, but memory fails me.
I can tell you that you will not be able to use the isakmp fixup function on
a given firewall if you are also *TERMINATING* tunnels on your
Internet-facing interface as well...
HTH,
Brant.
On 10/11/05 4:17 PM, "Bruce Pinsky" <bep at whack.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Voll, Scott wrote:
>> Cisco vpn client to pix or 3005.
>>
>
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_e
> xample09186a008045a2d2.shtml
>
> shows allowing ESP and ISAKMP traffic to traverse the PIX.
>
> - --
> =========
> bep
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (MingW32)
>
> iD8DBQFDTB3ME1XcgMgrtyYRAudKAJ4gCBs02BiIzpdunFMVVUNAdCn/kwCg0J9z
> 4kp8VaOeV7iqqzvlnajDPTk=
> =9mXV
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list