AH does work fine behind NAT, otherwise no one could ever run VPNs behind a firewall. I can run a VPN from behind my PIX with the following ACLs:
access-list VPN permit ah any any access-list VPN permit esp any any access-list VPN permit udp any any eq isakmp Still, my question remains, is there anyway to have port redirected statics evaluate before a generic static? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63732&t=63638 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
