PIX to PIX VPN with one side's outside IP private

icap
Level 1

I have a PIX at 5 different locations, and they can all connect correctly to each other. 4 of these PIXs have static IPs on the outside interface. The 5th one has a dynamic IP on the outside interface provided by the ISP. So the configuration on that one is a bit different, but it connects fine to my other sites.

I want to add another PIX to a new site to connect along with everyone else. The ISP at that site will only provide me with a private IP address on my outside interface (10.1.1.x) and that is also dynamic. The ISP NATs all of its traffic on that subnet to a static IP address that they use for all of their clients.

So, I set up my PIX the same way as my other dynamic outside interface PIX, and it will establish the IPsec tunnel according to the PDM monitor. But my traffic will not flow through from either side.

Is the ISP blocking my traffic? Or do I have a configuration issue in my new site's PIX? I've checked the config and it's identical, with minor variations, to the other dynamic PIX in my VPN.

Thank you for your help

3 Replies

a.alekseev
Level 7

isakmp nat-traversal 20

Try to add this command on your 5 PIXes.

Thank you for your response. I will try this today, and come back with results.

a.alekseev,

It works! Thank you very much. I somehow have overlooked that command entirely. I am very grateful.