Contributor
•
2 Messages
NVG589 with Public IP's and Cisco ASA
I got my static ip range today and was able to assign one of those IP Addresses to my 5505 ASA. When i try to establish my Site to site vpn with my Work 5520 ASA the IKE traffic does not appear to be making it back to my internal ASA on the newly assigned public IP's. All firewall options are off and i am not using pass through mode on the ATT gateway. If i use the pass through mode and change my endpoint to reflect the modems external adress the vpn will .connect without incident. (defeats the purpose of getting static IP's) Anyone have a ny good ideas? AT&T support does not know why it's blocking the IKE traffic or how to fix it.
Thanks in advance for anyone that has a helpful idea..
JefferMC
ACE - Expert
•
35K Messages
9 years ago
Is the IPSEC tunnel the first thing you're trying to do with your new static subnet on the Cisco ASA? Have you successfully tested such mundane things as PING to and from the ASA?
How did you set up the static subnet on the Residential Gateway? Did you manually set one of the available addresses on the external interface of the ASA?
0
0
Wolfmansb
Contributor
•
2 Messages
9 years ago
0
0
ATTU-verseCare
Community Support
•
6.7K Messages
9 years ago
Hi @Wolfmansb,
There is a workaround on this. It sounds like you need the passthrough setup so certain traffic is not blocked. If you set it up using DHCPS:fixed and put in the MAC address to your ASA, it will passthrough the traffic to that device. After that, you want to hard code your ASA with one of the static IPs in your block. That way, it should passthrough the traffic, and it will be to one of your static IPs.
Hope this helps.
-David T
0
0