[c-nsp] IPSEC behind NAT device problem
Peter Rathlev
prb at sks.aaa.dk
Thu Oct 18 14:28:58 EDT 2007
<mihai at duras.ro> 10/18/07 7:49 PM GMT+2:
> This is my config:
And you have the "sysopt connection permit-ipsec" enabled on the PIX?
Do any of the end points have any other IPSec peers, so you can
narrow down which end is misbehaving?
It's a shame that the PIX can't do GRE+IPSec. A router behind or
instead of the PIX could though. You could have a smallish router do
GRE and then make the PIX do IPSec for performance.
Regards,
Peter Rathlev
More information about the cisco-nsp
mailing list