
New Member

PIX to PIX VPN with one side's outside IP private

I have a PIX at 5 different locations, and they can all connect correctly to each other. 4 of these PIXs have static IPs on the outside interface. The 5th one has a dynamic IP on the outside interface provided by the ISP. So the configuration on that one is a bit different, but it connects fine to my other sites.

I want to add another PIX to a new site to connect along with everyone else. The ISP at that site will only provide me with a private IP address on my outside interface (10.1.1.x) and that is also dynamic. The ISP NATs all of its traffic on that subnet to a static IP address that they use for all of their clients.

So, I set up my PIX the same way as my other dynamic outside interface PIX, and it will establish the IPSEC tunnel according to the PDM monitor. But my traffic will not flow through from either side.

Is the ISP blocking my traffic? Or do I have a configuration issue in my new site's PIX? I've checked the config and it's identical with minor variations to the other dynamic PIX in my VPN.

Thank you for your help

3 REPLIES

Re: PIX to PIX VPN with one side's outside IP private

isakmp nat-traversal 20

Try to add this command on your 5 PIXes.

New Member

Re: PIX to PIX VPN with one side's outside IP private

Thank you for your response. I will try this today, and come back with results.

New Member

Re: PIX to PIX VPN with one side's outside IP private

a.alekseev,

It works! Thank you very much. I somehow have overlooked that command entirely. I am very grateful.
