Cisco Support Community
New Member

[Pix] VPN Site To Site with Nat

Hi all,

Can someone help me, please?

An inside server ( needs access to a remote network

A VPN site to site is established between Pix outside ( and Multitech Firewall (

Now my inside server should connect to the remote network with this IP So I have to Nat my inside server IP ( to

The remote network should connect to inside network by the

My problem is I can establish a connection to my inside network from the remote network, but I cannot establish a connection (TCP) from my inside network to the remote network.

The weird thing is I can ping from both networks to each other.

This is my config below

access-list Outside_1_cryptomap extended permit ip

access-list Inside_nat_static extended permit ip host I92.168.92.6

static (Inside,Outside) Ip_172.20.20.6 access-list Inside_nat_static dns

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map Outside_map 1 match address Outside_1_cryptomap

crypto map Outside_map 1 set pfs

crypto map Outside_map 1 set peer

crypto map Outside_map 1 set transform-set ESP-3DES-SHA

crypto map Outside_map interface Outside

crypto isakmp enable Outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

no crypto isakmp nat-traversal

service-policy global_policy global

tunnel-group type ipsec-l2l

tunnel-group ipsec-attributes

pre-shared-key *

Thanks for answers

New Member

Re: [Pix] VPN Site To Site with Nat

ACL Outside_1_cryptomap defines a class C network for In your descriptions you talk about just one server ( Do you have other hosts in the network that need to traverse the VPN? Should ACL Outside_1_cryptomap be permit ip host

Keep in mind that VPNs need to match both sides. Is the Multitech defining a single host or a class C network?
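The mirror check described in this reply, as an added example that is not part of the thread: it parses a PIX `permit ip` crypto ACL line and compares its selectors with the peer's. The addresses are constructed documentation ranges, and passing the Multitech side's selectors as CIDR strings is an assumption, since its configuration is not shown.

```python
import ipaddress

def take_addr(tokens):
    """Consume one PIX/ASA address spec: 'host A', 'any', or 'NET MASK'."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_crypto_acl(line):
    """Return (source, destination) networks of a 'permit ip' crypto ACL line."""
    tokens = line.split()
    if tokens[:1] != ["access-list"] or tokens[2:5] != ["extended", "permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, rest = take_addr(tokens[5:])
    dst, rest = take_addr(rest)
    if rest:
        raise ValueError(f"trailing tokens in ACL line: {rest}")
    return src, dst

def relation(ours, theirs):
    """Classify two selectors: identical, one inside the other, or unrelated."""
    if ours == theirs:
        return "match"
    if ours.subnet_of(theirs) or theirs.subnet_of(ours):
        return "size mismatch"  # e.g. single host on one side, class C on the other
    return "disjoint"

def check_mirror(pix_acl, peer_local, peer_remote):
    """List selector mismatches between the PIX ACL and the peer (empty = mirrored)."""
    src, dst = parse_crypto_acl(pix_acl)
    pairs = [("PIX source vs peer remote", src, ipaddress.ip_network(peer_remote)),
             ("PIX destination vs peer local", dst, ipaddress.ip_network(peer_local))]
    return [f"{label}: {ours} vs {theirs} ({relation(ours, theirs)})"
            for label, ours, theirs in pairs if relation(ours, theirs) != "match"]

# Constructed samples (documentation addresses, not the poster's values)
ACL_NET = ("access-list Outside_1_cryptomap extended permit ip "
           "192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0")
ACL_HOST = ("access-list Outside_1_cryptomap extended permit ip "
            "host 192.0.2.6 198.51.100.0 255.255.255.0")

if __name__ == "__main__":
    # Hypothetical peer: protects 198.51.100.0/24 and expects the single host 192.0.2.6
    for acl in (ACL_NET, ACL_HOST):
        print(check_mirror(acl, "198.51.100.0/24", "192.0.2.6/32") or "selectors mirror")
```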