Hi,
I have VPN clients connecting to my PIX 515 v.6.3 using NAT-traversal (aka IPSEC/udp).
I have 2 WAN interfaces. One interface is used for site-to-site VPN to different remote peers. The other interface is used to finish Cisco VPN clients.
The Cisco VPN clients are configured using IPSEC over UDP (NAT-traversal).
I have many different profiles for remote cisco vpn clients.
I see that some remote employees have problems with VPN clients using a specific DSL router. It seems there's a problem with NAT translations in these routers.
I was reading the vpnclient PDF and it suggests changing the method of the VPN client and configuring IPSEC over TCP (port tcp 10000).
I would like to modify the PIX config to allow IPSEC over TCP; then I think that I must configure the command: no crypto isakmp nat-traversal
I would like to know if this command will break my site-to-site VPN tunnels used on the other interface and if this will break the current environment for the rest of the remote VPN clients (Cisco software).
Alternatives are welcome.
Thank you very much.
Best regards.