pix515 and natting IPSEC VPN to 2 ISP

Unanswered Question
Jul 30th, 2008

Good day!

We have a PIX515 which is connected by one inside interface to the inside network and terminates IPSEC VPN sessions.

Then we NAT the PIX's inside IP to the Internet on a 2851 router.

Everything works fine.

Now we need to NAT this PIX to a second ISP (with a different IP). Both ISPs are now connected to one Cisco 2851. We have configured standard routing with route-maps and it works OK.

How can we do it?

I've tried to use route-maps with NAT, but it doesn't work.

We had the idea to assign a second IP address to the PIX, but it doesn't support this.

I've even tried to use a second PIX interface connected to a second VLAN, but routing didn't work correctly (the PIX responds only on one IP address, that of the interface on which the default route is configured).

My config on the 2851 is:

ip nat inside source static xx.xx.xx.zz route-map vpn_isp1 reversible extendable
ip nat inside source static yy.yy.yy.qq route-map vpn_isp2 reversible extendable
!
route-map vpn_isp1 permit 10
 match ip address for_nat
 set ip next-hop xx.xx.xx.xx
!
route-map vpn_isp2 permit 10
 match ip address for_nat
 set ip next-hop yy.yy.yy.yy


mchin345 Wed, 08/06/2008 - 10:25

With the help of Policy NAT, you can create multiple NAT or static statements.

Cisco PIX Firewall and VPN Configuration Guide, Version 6.3.


Use this example guide: "Using NAT and PAT Statements on the Cisco Secure PIX Firewall".


aliverlex Wed, 08/06/2008 - 22:46

Thanks for the reply, Mary!

I don't need PIX NAT, I need 2851 NAT.

The question was: how to NAT (on the 2851) one IP in the inside net to two IPs on the outside? It is needed to access this one inside IP from two different outside IPs of different ISPs.

It is not possible to assign a second inside IP to the device (because it is a PIX).

The main goal is to make a redundant VPN, terminated by the PIX.

Maybe it is more correct to connect the PIX to two outside ISPs through two VLANs and to set up tracking for the default route?
