I don't know what docs you're looking at, but I don't believe that PIX
supports L2TP/IPSec - I think it's "native" IPSec only. Do you have a
reference or quote that makes you think it _should_ work?
AFAIK, the only VPDN style stuff you can do is PPTP. If you want to use
username and password auth then you can fudge it with Xauth (which Cisco
assert is a "standard").
Needless to say, "native" IPSec and NAT Just Don't Get Along. If you're
interested, the reasons are really well covered in the archives (several
times!). I'd say you need to either terminate the VPN on the PIX or use nat0
to exempt the IPSec traffic from NAT (but that also involves using real IPs
on your VPN endpoint etc etc).
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
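To make the nat0 route concrete, here is an added example PIX configuration (not from either poster). Addresses are constructed (203.0.113.0/24 as the outside net, 203.0.113.10 as the real, routable address kept on the VPN server), and it assumes the `nat 0 access-list` form is available on the running PIX release.

```cisco
! Constructed example. Ordinary inside hosts are still translated as usual.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 203.0.113.20-203.0.113.30

! The VPN endpoint keeps its real address and is exempted from NAT, so the
! IPsec peers see exactly the IP that the PIX forwards to.
access-list NONAT permit ip host 203.0.113.10 any
nat (inside) 0 access-list NONAT

! Only IKE (UDP/500) and ESP (IP protocol 50) need to reach the server from
! outside; L2TP (UDP/1701) travels inside the ESP tunnel and is not opened.
access-list OUTSIDE_IN permit udp any host 203.0.113.10 eq isakmp
access-list OUTSIDE_IN permit esp any host 203.0.113.10
access-group OUTSIDE_IN in interface outside
```

Without the nat0 line, the server's ESP packets would still leave with a translated source address while its IKE identity and SAs refer to the inside address, which is the mismatch the reply above refers to.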
> -----Original Message-----
> From: Jason Lewis [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 10, 2001 9:50 AM
> To: [EMAIL PROTECTED]
> Subject: L2TP through PIX
>
>
> I am trying to create an L2TP tunnel through a PIX running 5.3(1). I have
> ESP and ISAKMP open to the target server behind the PIX. Clients fail to
> connect at the end of the negotiation where the server has to respond to the
> client.
>
> Am I missing something? Could the PIX be causing the problem?
>
> I am using NAT for the server but not PAT. According to the docs, it should
> work.
>
> Jason Lewis
> http://www.packetnexus.com
> It's not secure "Because they told me it was secure".
> The people at the other end of the link know less
> about security than you do. And that's scary.
>
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>