PIX to PIX VPN with one side's outside IP private

Sep 10th, 2007

I have a PIX at 5 different locations, and they can all connect correctly to each other. 4 of these PIXs have static IPs on the outside interface. The 5th one has a dynamic IP on the outside interface provided by the ISP. So the configuration on that one is a bit different, but it connects fine to my other sites.

I want to add another PIX to a new site to connect along with everyone else. The ISP at that site will only provide me with a private IP address on my outside interface (10.1.1.x) and that is also dynamic. The ISP NATs all of its traffic on that subnet to a static IP address that they use for all of their clients.

So, I set up my PIX the same way as my other dynamic outside interface PIX, and it will establish the IPsec tunnel according to the PDM monitor. But my traffic will not flow through from either side.

Is the ISP blocking my traffic? Or do I have a configuration issue in my new site's PIX? I've checked the config and it's identical with minor variations to the other dynamic PIX in my VPN.

Thank you for your help

a.alekseev Mon, 09/10/2007 - 22:38

isakmp nat-traversal 20

Try to add this command on your 5 PIXes.

icap Tue, 09/11/2007 - 06:29

Thank you for your response. I will try this today, and come back with results.

icap Tue, 09/11/2007 - 08:12

It works! Thank you very much. I somehow have overlooked that command entirely. I am very grateful.
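
An added troubleshooting example, not part of the thread: the symptom from the question (tunnel reported as up, no traffic in either direction) would show up in "show crypto ipsec sa" as encaps counters rising while decaps stay at zero. The Python sketch below flags such peers and checks a config for the "isakmp nat-traversal" command from the answer. The sample output and config are constructed, and the function names and the 5-packet threshold are assumptions.

```python
import re

# Constructed sample modeled on `show crypto ipsec sa` output; addresses are
# documentation ranges, not values from the thread.
SAMPLE_SA = """\
   local  ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.6.0/255.255.255.0/0/0)
   current_peer: 203.0.113.10:500
    #pkts encaps: 42, #pkts encrypt: 42, #pkts digest 42
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0

   local  ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
   current_peer: 198.51.100.20:500
    #pkts encaps: 17, #pkts encrypt: 17, #pkts digest 17
    #pkts decaps: 15, #pkts decrypt: 15, #pkts verify 15
"""
# Constructed config excerpt that lacks the command from the answer.
SAMPLE_CFG = "isakmp enable outside\nisakmp identity address\n"

PEER = re.compile(r"current_peer:\s*([\d.]+)")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA block: peer address plus encaps/decaps counters."""
    sas = []
    for line in text.splitlines():
        peer = PEER.search(line)
        if peer:
            sas.append({"peer": peer.group(1), "encaps": 0, "decaps": 0})
        elif sas:
            for name, value in COUNT.findall(line):
                sas[-1][name] = int(value)
    return sas

def one_way_peers(sas, min_pkts=5):
    """Peers whose SA is sending but has never decapsulated a packet."""
    return [s["peer"] for s in sas if s["encaps"] >= min_pkts and s["decaps"] == 0]

def nat_t_enabled(config):
    """True if a line starts with `isakmp nat-traversal` (the `no` form does not)."""
    return any(re.match(r"\s*isakmp nat-traversal\b", l) for l in config.splitlines())

def diagnose(sa_text, config):
    """Combine both checks; suspect_nat means one-way SAs and no NAT-T configured."""
    stuck = one_way_peers(parse_sas(sa_text))
    return {"one_way_peers": stuck, "nat_t_enabled": nat_t_enabled(config),
            "suspect_nat": bool(stuck) and not nat_t_enabled(config)}

if __name__ == "__main__":
    print(diagnose(SAMPLE_SA, SAMPLE_CFG))
```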

