Hello,
Pix software 7.0.2: we realized that with our VPN setup, clients behind NAT/PAT routers have problems because of AH (Header Authentication). Where in the config do I disable AH? Here is the relevant part of the config:
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto dynamic-map outside_dyn_map 20 match address testlist crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5 crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside isakmp enable outside isakmp policy 40 authentication pre-share isakmp policy 40 encryption 3des isakmp policy 40 hash md5 isakmp policy 40 group 2 isakmp policy 40 lifetime 86400 isakmp nat-traversal 20 isakmp ipsec-over-tcp port 10000 tunnel-group DefaultRAGroup type ipsec-ra tunnel-group DefaultRAGroup general-attributes authentication-server-group (outside) RADIUS tunnel-group mpivpn type ipsec-ra tunnel-group mpivpn general-attributes address-pool adpool authentication-server-group (outside) RADIUS default-group-policy mpivpn tunnel-group mpivpn ipsec-attributes pre-shared-key xxxxx
Regards, Christoph Gartmann