[c-nsp] IPSEC behind NAT device problem

Peter Rathlev prb at sks.aaa.dk
Thu Oct 18 14:53:29 EDT 2007

"J. Oquendo" <sil at infiltrated.net> 10/18/07 7:40 PM GMT+2:
> nonrandomseq is your friend

Last time I checked the "norandomseq" was something you applied to a 
nat/static statement to prevent the PIX/ASA from manipulating TCP 
sequence numbers when translating connections traversing the 
firewall. In this case, we're talking ESP, not TCP. And the 
connection is terminated on the firewall itself, not traversing the 

But friends are always welcome. :-)

Peter Rathlev

More information about the cisco-nsp mailing list