«

Hello company uses a dsl router call cayman63, i believe it is cable of
mapping the statically assign ip of the dsl provider to the cisco
router interface. Is this necessary to establish an ipsec tunel? or can
it be done using mapping the external interface/ port to the a router
behind a cheap dsl router.

Thanks

Hi
Generally ipsec needs a dedicated static ip address to form tunnel and
pass data .
What kind of Ipsec tunnel are we building here ..lan to lan or remote
access vpn ?

In remote access vpn , using nat tranparency feature on VPN gateway and
vpn client ...u can bypass any nat device in between .

HTH
SH

Thanks for the reply it is a tunnel between a remote site using a cisco
17xx series and a pix firewall. I believe the feature that maps the
external ip of the adsl router to the ciscorouter is call ipmaps, i did
not find much documentation about this, it is probably called nat
transparency. Ive tried mapping the ports of my dsl router at home to a
linux box but i havent been ablet to create my first tunel, i will try
with a cisco router that i have sitting around tonight.

Yes you are correct . This will work for cisco router and PIX provided
your dsl router supports nat transparency .
Cisco IOS supporting Nat transparency is above 12.2(13T) ( enabled by
default) and PIX code is 6.3 (u will have to put command "nat-t" ) .
The tunnel then uses two ports udp 500 (ike) and udp 4500 ----normally
it is udp500 and esp .
HTH
SH