Re: 2 vpn clients on Home LAN
- From: "Mark Williams" <webmaster@xxxxxxxxxxxxx>
- Date: 19 Apr 2006 15:58:43 -0700
NAT traversal in negotiated for clients that support it. If a client
and the PIX both support NAT traversal (IPSec over UDP), it will be
chosen as the preferred method for the connection. If a client does not
support it, you can still use traditional IPSec.
In other words, using the isakmp nat-traversal command *allows* to PIX
to use IPSec NAT traversal, but doesn't force all connections to use
it. I think!
Keep in mind that the maximum number of traditional IPSec connections
your PIX can support is set by the number of globally routable
addresses available at the outside interface. If you have a pool of say
13 routable addresses assigned at the outside interface, you can
support a max of 13 traditional IPSec sessions. If you enable nat
traversal, you would be able to support many more connections.
.
- Follow-Ups:
- Re: 2 vpn clients on Home LAN
- From: Walter Roberson
- Re: 2 vpn clients on Home LAN
- References:
- 2 vpn clients on Home LAN
- From: Som
- Re: 2 vpn clients on Home LAN
- From: Mark Williams
- Re: 2 vpn clients on Home LAN
- From: Som
- 2 vpn clients on Home LAN
- Prev by Date: splitting ATM PVC between different routers
- Next by Date: Re: Setting up VPN from Windows XP to a Cisco router
- Previous by thread: Re: 2 vpn clients on Home LAN
- Next by thread: Re: 2 vpn clients on Home LAN
- Index(es):
Relevant Pages
|
|
