Thanks Hansraj!
I looked at your config. There is only one command that I do not have
isakmp identity outside
I am downgrading my IOS to 5.2(5) and 5.2(3) to see if it works. I have had
problems with the VPN concentrator 6.x IOS with partner and client tunneling
and did the same thing,
IPSec does not work with PAT on a PIX. You can with NAT though.
http://www.cisco.com/warp/public/707/ipsecnat.html
Allen
- Original Message -
From: Theodore stout
To:
Sent: Wednesday, October 24, 2001 1:02 AM
Subject: RE: PIX with PAT and VPN [7:23490]
I got the same access-lists
] [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 22, 2001 1:41 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX with PAT and VPN [7:23490]
I tried this and it did not work. When IPSEC negociates a VPN
session
between the two PIX's, it will PAT an internal device from
Network
PAT can now use the same address as the outside interface with the
'interface' keyword:
e.g., global (outside) 1 interface
- Original Message -
From: Patrick Ramsey
To:
Sent: Wednesday, October 24, 2001 7:34 AM
Subject: RE: PIX with PAT and VPN [7:23490]
You definately want to use
with PAT and VPN [7:23490]
You definately want to use a different ip addres for PAT than what you
have
set on the interface. I'm surprised PAT is even working, unless cisco
has
made some changes to their code recently.
-Patrick
Message Posted at:
http://www.groupstudy.com/form
] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 11:02 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX with PAT and VPN [7:23490]
I got the same access-lists on both sides and they have been verified by
other people. I know this will not take me down.
If you can e-mail me the config
between two LAN segments.
Just make sure access-list is mirror image on both peers.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 22, 2001 1:41 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX with PAT and VPN [7:23490]
I tried this and it did
.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 22, 2001 1:41 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX with PAT and VPN [7:23490]
I tried this and it did not work. When IPSEC negociates a VPN
session
between the two PIX's
I tried this and it did not work. When IPSEC negociates a VPN session
between the two PIX's, it will PAT an internal device from Network A as
206.112.71.5 and use 206.112.71.5:500 for the negociation. Once another
device wishes to access a device behind 206.112.71.6, it will have to use
With PIX you must have one legal address for the outside interface on BOTH
PIXs. That's actually enough to do what you want to do. Say that your
legal address on PIX1 is 206.112.71.5/30. Go to PIX2 startup ipsec and
input isakmp key 'your key' address 206.112.71.5. Then input crypto
map
10 matches
Mail list logo