Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
264
Views
0
Helpful
2
Replies

VPN ISAKMP Local Peer Address

Adrian Jones
Level 1
Level 1

‎11-07-2006 08:39 AM - edited ‎02-21-2020 02:42 PM

Hi All,

I hav econfigured for a VPN Connection on a Pix 506E. This Pix sits within a Network so traffic is Nat'd out to a Public IP address and Internet. When I try to establish a VPN the ISAKMP Phase 1 is rejected because the Peer is set to the local PIX Outside IP address rather than the Public IP Address. The remote end is expecting the public IP address as the Peer.

Is there anyway to set the Local Peer address to transmit as the Public IP Address ie. Instead of the local Peer 192.168.9.2 (Outside interface IP) being sent as the Local Peer, I want something like 66.66.66.66 to be identified as the local peer address.

Regards

Adrian

Labels:
0 Helpful
2 Replies 2

pmajumder
Level 3
Level 3

‎11-07-2006 11:17 AM

Hello,

You can try the following:

1. Set the iskmp identity to use hostname instead of the default ip address - isakmp identity hostname.

2. Make sure the remote peer can resolve the hostname to the 66.66.66.66 public ip.

Regards

Pradeep

0 Helpful

jgervia_2
Level 1
Level 1

‎11-07-2006 04:25 PM

Hello,

If another device is natting your VPN tunnel (not the pix itself) you'll need

crypto isakmp nat-traversal

or

isakmp nat-traversal

Depending on your firewall version. Also make sure that both udp 500 *and* udp 4500 are open between both endpoints.

--Jason

Please rate this message if it helped resolve some or all of your issue.

0 Helpful
Customers Also Viewed These Support Documents