Mike,

If you look at my diagram, it is not terminating on the PIX, and the
first post does not say he is terminating on a PIX; he simply stated
that he is trying to go through a Microsoft box to his VPN corporate
network. Because he was told that NAT will not work with PAT (UDP
encapsulation), I was trying to clear it up to let him know it will with
the right devices in place, as in my diagram. IPSec will work with PAT,
just not with the PIX as the terminating device. Let's not confuse the
guy; I think all he wants to know is why his IPSec does not work when he
uses Microsoft Internet Connection Sharing on a box. That is why I am
asking for a diagram, because I am not sure ANY of us understand what he
is trying to do. Read the original post below; it says nothing about
terminating on a PIX.

I have a home network which uses an ADSL line which is shared via
Internet Connection Sharing. I have 3 PCs in the network and they can
all access the Internet. From these PCs I am trying to connect to my
office VPN. I can ping the address but cannot connect via Dialer. The
VPN connection works when Internet Sharing is disabled. Is there any way
around this?


-----Original Message-----
From: mike greenberg [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, November 24, 2002 9:35 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX Client & WIN2000 Internet sharing [7:57988]


This is correct. IPSec will NOT work through PAT. At the moment, Pix
does NOT support "NAT traversal (UDP encapsulation)". Therefore, trying
to connect to a Pix behind a NAT device with VPN dialer will not work.
VPN concentrators, on the other hand, will work. Or better yet, throw
away your Pix and put in either a CheckPoint NG Firewall or Linux
firewall (iptables). Both CP and Linux are "stateful" firewalls. If you
want to stick with Pix, wait until version 6.3, where it will support
"NAT traversal (UDP encapsulation)".
 
Edward Sohn wrote:

nope, it won't work... IPSec needs its own IP address and not PAT. I've
tested this extensively, and it won't work... if anyone else can
comment, please do.

either way, best thing to do is get a few statics from your ISP and
statically translate...

ed

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Derek
Sent: Sunday, November 24, 2002 9:12 AM
To: [EMAIL PROTECTED]
Subject: PIX Client & WIN2000 Internet sharing [7:57988]


I have a home network which uses an ADSL line which is shared via
Internet Connection Sharing. I have 3 PCs in the network and they can
all access the Internet. From these PCs I am trying to connect to my
office VPN. I can ping the address but cannot connect via Dialer. The
VPN connection works when Internet Sharing is disabled. Is there any way
around this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58023&t=57988