I have a vendor PIX firewall sitting behind my ASA 7.2 firewall. IPSEC and isakmp(500) (NAT-T)4500) are opened on the ASA. However the vendor cannot establish an ipsec tunnel to its corporate network. The ASA is only doing PAT. Can this be done via PAT? If not is there an alternative.
Thanks
That -should- be enough, provided that you aren't blocking specific
-source- ports, and provided that the vendor's PIX has NAT-T turned on.
Just to confirm, just in case: those are UDP 500 and UDP 4500 you have open, right?
Yes i do have them opened. Does the vendor have to have NAT-T on both the remote and far end?
Thanks
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.