New Member

VPN NAT Issues on PIX 515e

I'm trying to configure a site-to-site VPN connection with a PIX 515e 6.3(5) on my end and Checkpoint at the other end.

host (172.30.10.x)--->PIX 515e---------Checkpoint<---host.

The problem is when communications are initiated from the 172.30.10.x host, I can see the PIX encrypt packets leaving my PIX and decrypt packets coming back in (using PDM VPN Ipsec monitoring), but it appears that the packets aren't making it through the PIX back to the host.

I have also captured this traffic at the PIX and see only the outgoing packets

03:40:56.187154 172.30.10.x.3453 > y.y.y.y.699: S 242989206:242989206(0) win 16384 <mss 1460,nop,nop,sackOK>

Host 172.30.10.x is NAT'd to 65.125.108.x at the PIX. I have a local Cisco tech working on this as well as a TAC case open. No one seems to be able to determine what is going on. Is there a bug in 6.3(5) that prevents NATing over a Site-to-Site VPN configuration like this?

TIA,

Ken

4 REPLIES
Hall of Fame Super Blue

Re: VPN NAT Issues on PIX 515e

Ken

Can you send a sanitised version of the config ?

Jon

New Member

Re: VPN NAT Issues on PIX 515e

It's a bit lengthy, but here it is.

Hall of Fame Super Blue

Re: VPN NAT Issues on PIX 515e

Ken

Sorry, it's a bit too sanitised. Usually people just get rid of public IP addresses from the config + passwords etc.

It's difficult to tell anything without some of the addressing

Jon

New Member

Re: VPN NAT Issues on PIX 515e

Policy won't allow me to post much more than this. I hope it's enough.

Thanks again.
