You probably want to use a feature that the Cisco Universal VPN client and Secure VPN server 30XX series support which will tunnel IPSEC over UDP. You can select a UDP port (defaults to 10,000 I believe) to use to tunnel the IPSEC over. See the Cisco VPN documentation.
Encapsulating the IPSEC packets ( IP, AH, ESP and ULP payload ) within a UDP 'wrapper' protects IPSEC from the harmful IP address rewriting effects of NAT by isolating them from it... - H. Morrow Long Josh Welch wrote: > > > Hello All, > > > > We are currently having issues with Cisco's 3000 VPN Client > > (ver. 2.5.2 B) > > connecting via IKE to a PIX (6.1 (3)) from behind Checkpoint FW-1 4.1 Sp5 > > doing hide NAT. > > I am not familiar with these products, but if I understand IKE, it implies > using an IPSec VPN. If you are natting with an IPSec VPN, you will have > problems. NAT rewrites the packet headers, IPSec checks headers to make > sure that they have not been tampered with between the server and the > client, you can see how this would create a conflict. Typically speaking, > it is not recommended to use an IPSec VPN through a NAT gateway. > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls
smime.p7s
Description: S/MIME Cryptographic Signature
