Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
246
Views
0
Helpful
1
Replies

IPSec VPN through NAT?

tmadden
Level 1
Level 1

‎08-08-2002 10:03 AM - edited ‎02-21-2020 11:59 AM

I've got a PIX-to-PIX VPN Tunnel between CO and Chicago that works when the regular link is up. My ISP's main link in Chicago just failed, but they have routed it through some emergency links they put in place. The temporary links include a NAT from a new IP to the old.

So, I have modified the PEER on my CO PIX and restarted the CRYPTO MAP. I can SSH into the remote (CH) PIX via the NATed external IP address, and the VPN appears to be up, but I can't pass traffic across it.

The inbound ESP SAS SPI in CO matches the outbound ESP SAS SPI in CH, and vice-versa. It seems like a routing problem, but I don't see where.

Any other thoughts?

Tim

Labels:
0 Helpful
1 Reply 1

awaheed
Cisco Employee
Cisco Employee

‎08-08-2002 01:04 PM

Hi Tim,

Try clearing the ARP cache on both the sides, Also try reloading the PIX to make sure its not stuck in any state since the link failure and is still trying to route through the old paths. If it still doesn't help then open up a TAC case with Configs for further troubleshooting on this.

Regards,

Aamir

-=-

0 Helpful
Customers Also Viewed These Support Documents