ipsec tunnel using pix and cisco behined dsl router

Hello company uses a dsl router call cayman63, i believe it is cable of mapping the statically assign ip of the dsl provider to the cisco router interface. Is this necessary to establish an ipsec tunel? or can it be done using mapping the external interface/ port to the a router behind a cheap dsl router.

Thanks

Reply to
jcharth
Loading thread data ...

Hi Generally ipsec needs a dedicated static ip address to form tunnel and pass data . What kind of Ipsec tunnel are we building here ..lan to lan or remote access vpn ?

In remote access vpn , using nat tranparency feature on VPN gateway and vpn client ...u can bypass any nat device in between .

HTH SH

Reply to
sarabjit.herr

Thanks for the reply it is a tunnel between a remote site using a cisco

17xx series and a pix firewall. I believe the feature that maps the external ip of the adsl router to the ciscorouter is call ipmaps, i did not find much documentation about this, it is probably called nat transparency. Ive tried mapping the ports of my dsl router at home to a linux box but i havent been ablet to create my first tunel, i will try with a cisco router that i have sitting around tonight.
Reply to
jcharth

Yes you are correct . This will work for cisco router and PIX provided your dsl router supports nat transparency . Cisco IOS supporting Nat transparency is above 12.2(13T) ( enabled by default) and PIX code is 6.3 (u will have to put command "nat-t" ) . The tunnel then uses two ports udp 500 (ike) and udp 4500 ----normally it is udp500 and esp . HTH SH

Reply to
sarabjit.herr

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.