This is correct. IPSec will NOT through PAT. At the moment, Pix does NOT support "NAT traversal (udp encapsulation)". Therefore, trying to connect to a Pix behind a NAT device with vpn dialer will not work. VPN concentrators, on the other hand will work. Or better yet, throw away your Pix and put in either a CheckPoint NG Firewall or linux firewall (iptables). Both CP and Linux are "stateful" firewalls. If you want to stick with Pix, wait until version 6.3 where it will support "NAT traversal (UDP encapsulation)". Edward Sohn wrote:nope, it won't work...ipsec needs it's own IP address and not PAT. i've tested this extensively, and it won't work...if anyone else can comment, please do.
either way, best thing to do is get a few statics from your ISP and statically translate... ed -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Derek Sent: Sunday, November 24, 2002 9:12 AM To: [EMAIL PROTECTED] Subject: PIX Client & WIN2000 Internet sharing [7:57988] I have a home network which uses an ADSL line which is shared via Internet Connection Sharing. I have 3 pc's in the network and they can all access the internet. From these pc's i am trying to connect to my office VPN.I Can ping the address but cannot connect via Dialer. The VPN connection works when Internet Sharing is disabled. Is their anyway around this ????????? Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58011&t=57988 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
