RE: PIX with PAT and VPN [7:23490]

2001-10-25 Thread Theodore stout
Thanks Hansraj! I looked at your config. There is only one command that I do not have isakmp identity outside I am downgrading my IOS to 5.2(5) and 5.2(3) to see if it works. I have had problems with the VPN concentrator 6.x IOS with partner and client tunneling and did the same thing,

Re: PIX with PAT and VPN [7:23490]

2001-10-24 Thread Allen May
IPSec does not work with PAT on a PIX. You can with NAT though. http://www.cisco.com/warp/public/707/ipsecnat.html Allen - Original Message - From: Theodore stout To: Sent: Wednesday, October 24, 2001 1:02 AM Subject: RE: PIX with PAT and VPN [7:23490] I got the same access-lists

RE: PIX with PAT and VPN [7:23490]

2001-10-24 Thread Patrick Ramsey
] [mailto:[EMAIL PROTECTED]] Sent: Monday, October 22, 2001 1:41 AM To: [EMAIL PROTECTED] Subject: Re: PIX with PAT and VPN [7:23490] I tried this and it did not work. When IPSEC negociates a VPN session between the two PIX's, it will PAT an internal device from Network

Re: PIX with PAT and VPN [7:23490]

2001-10-24 Thread Don Claybrook
PAT can now use the same address as the outside interface with the 'interface' keyword: e.g., global (outside) 1 interface - Original Message - From: Patrick Ramsey To: Sent: Wednesday, October 24, 2001 7:34 AM Subject: RE: PIX with PAT and VPN [7:23490] You definately want to use

Re: PIX with PAT and VPN [7:23490]

2001-10-24 Thread Jonathan Hays
with PAT and VPN [7:23490] You definately want to use a different ip addres for PAT than what you have set on the interface. I'm surprised PAT is even working, unless cisco has made some changes to their code recently. -Patrick Message Posted at: http://www.groupstudy.com/form

RE: PIX with PAT and VPN [7:23490]

2001-10-24 Thread Hansraj Patil
] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 23, 2001 11:02 PM To: [EMAIL PROTECTED] Subject: RE: PIX with PAT and VPN [7:23490] I got the same access-lists on both sides and they have been verified by other people. I know this will not take me down. If you can e-mail me the config

RE: PIX with PAT and VPN [7:23490]

2001-10-23 Thread Hansraj Patil
between two LAN segments. Just make sure access-list is mirror image on both peers. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, October 22, 2001 1:41 AM To: [EMAIL PROTECTED] Subject: Re: PIX with PAT and VPN [7:23490] I tried this and it did

RE: PIX with PAT and VPN [7:23490]

2001-10-23 Thread Theodore stout
. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, October 22, 2001 1:41 AM To: [EMAIL PROTECTED] Subject: Re: PIX with PAT and VPN [7:23490] I tried this and it did not work. When IPSEC negociates a VPN session between the two PIX's

Re: PIX with PAT and VPN [7:23490]

2001-10-22 Thread Theodore stout
I tried this and it did not work. When IPSEC negociates a VPN session between the two PIX's, it will PAT an internal device from Network A as 206.112.71.5 and use 206.112.71.5:500 for the negociation. Once another device wishes to access a device behind 206.112.71.6, it will have to use

Re: PIX with PAT and VPN [7:23490]

2001-10-19 Thread [EMAIL PROTECTED]
With PIX you must have one legal address for the outside interface on BOTH PIXs. That's actually enough to do what you want to do. Say that your legal address on PIX1 is 206.112.71.5/30. Go to PIX2 startup ipsec and input isakmp key 'your key' address 206.112.71.5. Then input crypto map