IPsec tunnel using PIX and Cisco behind DSL router

Discussion in 'Cisco' started by jcharth, Jun 27, 2005.

  1. jcharth

    jcharth Guest

    Hello, the company uses a DSL router called cayman63. I believe it is
    capable of mapping the statically assigned IP of the DSL provider to the
    Cisco router interface. Is this necessary to establish an IPsec tunnel? Or
    can it be done by mapping the external interface/port to a router
    behind a cheap DSL router?

    Thanks
     
    jcharth, Jun 27, 2005
    #1

  2. Hi
    Generally, IPsec needs a dedicated static IP address to form a tunnel and
    pass data.
    What kind of IPsec tunnel are we building here: LAN-to-LAN or remote
    access VPN?

    In a remote access VPN, using the NAT transparency feature on the VPN
    gateway and VPN client, you can bypass any NAT device in between.

    HTH
    SH
     
    sarabjit.herr, Jun 28, 2005
    #2

  3. jcharth

    jcharth Guest

    Thanks for the reply. It is a tunnel between a remote site using a Cisco
    17xx series and a PIX firewall. I believe the feature that maps the
    external IP of the ADSL router to the Cisco router is called ipmaps. I did
    not find much documentation about this; it is probably called NAT
    transparency. I've tried mapping the ports of my DSL router at home to a
    Linux box, but I haven't been able to create my first tunnel. I will try
    with a Cisco router that I have sitting around tonight.
     
    jcharth, Jun 28, 2005
    #3
  4. Yes, you are correct. This will work for a Cisco router and PIX provided
    your DSL router supports NAT transparency.
    Cisco IOS supporting NAT transparency is above 12.2(13T) (enabled by
    default) and PIX code is 6.3 (you will have to put the command "nat-t").
    The tunnel then uses two ports, UDP 500 (IKE) and UDP 4500; normally
    it is UDP 500 and ESP.
    HTH
    SH
     
    sarabjit.herr, Jun 29, 2005
    #4
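
Added example, not part of the original thread: a small Python classifier that tells from captured traffic whether a tunnel is running with NAT transparency (UDP 500 plus UDP 4500) or with the normal UDP 500 plus ESP described in post #4. The payload markers follow RFC 3948; the label names, helper functions and sample packets are constructed for illustration.

```python
import struct

PROTO_ESP, PROTO_UDP = 50, 17      # IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500    # ports named in the thread

def udp(sport, dport, data):
    """Build a UDP datagram (checksum left 0) for the constructed samples."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(ip_proto, l4):
    """Label one packet from its IP protocol number and layer-4 bytes."""
    if ip_proto == PROTO_ESP:
        return "esp-native"
    if ip_proto != PROTO_UDP or len(l4) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", l4[:4])
    data = l4[8:]
    if NATT_PORT in (sport, dport):          # NAT may rewrite the source port
        if data == b"\xff":
            return "natt-keepalive"          # RFC 3948 keepalive: one 0xFF octet
        if data[:4] == b"\x00" * 4:
            return "ike-over-4500"           # non-ESP marker precedes IKE
        if len(data) > 8:
            return "esp-in-udp"              # starts with a non-zero SPI
        return "other"
    if IKE_PORT in (sport, dport):
        return "ike"
    return "other"

def tunnel_mode(packets):
    """Summarise a capture: which encapsulation carries the tunnel's data."""
    labels = {classify(proto, l4) for proto, l4 in packets}
    if "esp-in-udp" in labels:
        return "nat-t"
    if "esp-native" in labels:
        return "native-esp"
    if labels & {"ike", "ike-over-4500"}:
        return "ike-only"    # negotiation seen but no data packets
    return "no-ipsec"

# Constructed sample captures (not taken from the thread).
IKE_HDR = b"\x11" * 28       # stand-in for an ISAKMP header, not parsed
BEHIND_NAT = [
    (PROTO_UDP, udp(500, 500, IKE_HDR)),
    (PROTO_UDP, udp(4500, 4500, b"\x00" * 4 + IKE_HDR)),
    (PROTO_UDP, udp(4500, 4500, b"\xff")),
    (PROTO_UDP, udp(1027, 4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16)),
]
PUBLIC_IP = [(PROTO_UDP, udp(500, 500, IKE_HDR)), (PROTO_ESP, b"\x00" * 24)]
```

A result of "ike-only" on a real capture means negotiation packets are passing but no tunnel data is, which is the usual sign that the device in front forwards UDP 500 but not ESP or UDP 4500.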