09-10-2007 10:07 AM - edited 02-21-2020 03:15 PM
I have a PIX at 5 different locations, and they can all connect correctly to each other. 4 of these PIXs have static IPs on the outside interface. the 5th one has a dynamic ip on the outside interface provided by the ISP. So the configuration on that one is a bit different but it connects fine to my other sites.
I want to add another PIX to a new site to connect along with everyone else. The ISP at that site will only provide me with a private IP address on my outside interface (10.1.1.x) and that is also dynamic. The ISP NATs all of its traffic on that subnet to a static IP address that they use for all of their clients.
So, i set up my pix the same way as my other dynamic outside interface PIX, and it will establish the IPSEC tunnel according to the PDM monitor. But my traffic will not flow through from either side.
is the ISP blocking my traffic? or do i have a configuration issue in my new site's PIX? I've checked the config and it's identical with minor variations to the other dynamic pix in my VPN.
Thank you for your help
09-10-2007 10:38 PM
isakmp nat-traversal 20
Try to add this command on your 5 pixes
09-11-2007 06:29 AM
Thank you for your response. I will try this today, and come back with results.
09-11-2007 08:12 AM
a.alekseev,
It works! Thank you very much. I somehow have overlooked that command entirely. I am very grateful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide