• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 383
  • Last Modified:

PIX 506e VPN end point behind ASA 5510.

PIX 506e VPN end point behind ASA 5510.
I have a third party VPN server and a PIX 506e that are going to have a site to site connection. The third party is called a Junxion box and has very limited settings. I have had the Junxion and the PIX Site to Site setup and working with no problems. This is when I add my public IP to the PIX.

The problem is my pix needs to be behind the ASA 5510. As soon as put it behind the ASA it stops working. I have A static nat from external ip to interal ip of the PIX. I have AH, ESP, and 4500 open on the firwall pointing to the external address of the PIX.  

I can see the other box workin on phase one but never finishing. I think it might be the NAT from the ASA to the PIX
1 Solution
On the ASA, try allowing UDP 500 through to the PIX public address as well.
djohnson104Author Commented:
Yeah i forgot to say i allowed ISAKMP also.
Do you have a different public IP that has a 1-1 static nat to the PIX outside IP?
Is the PIX default gateway correct? Is the public IP that you are using the same as you had when you put the PIX directly on it?
Did you add isakmp nat-traversal 20 to the ASA and to the PIX?
Does the Junxion box even support nat-traversal?
Why don't you just setup the VPN directly on the ASA instead of the PIX?

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now