I need to create a site-to-site VPN tunnel using IPSEC established over the Internet between two offices. The offices belong to two different companies.
I was given a range of 16 public IP addresses. One of these IPs is used on the ISP's router and it is the next-hop for my router. Another IP from the range is used on my router's external interface (which is a Cisco 851) and it is also my site's VPN endpoint. So far so good...
Here is my problem: The source IP for the encrypted traffic is a public address from within the 16 public IPs I have (not the one on my router's interface). The actual application that needs to send the encrypted data is a server in my LAN, and it has a private IP. The other site, however, expects to receive the encrypted data from the public IP. I used NAT between the private IP address of the server and its public IP, but no data passes through the tunnel. By the way, the tunnel between the two endpoints establishes with no problem. The problem is that the source of my encrypted data is the public IP and I do not know how to route it through the tunnel. I am attaching the configuration of my router.
Any help is appreciated.
The access-list "natted-traffic" should say:
ip access-list extended natted-traffic
 deny ip host 192.168.0.160 host BB.BB.BB.BD
 deny ip host 192.168.0.160 host BB.BB.BB.BE
Hope this helps.
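As an added illustration of how the NAT and crypto pieces fit together on IOS (this is not the poster's attached configuration or the answerer's config, only an assumed layout): the /28 is written as AA.AA.AA.A0/28 with the router's outside address AA.AA.AA.A2 on FastEthernet4, the server's public identity is AA.AA.AA.AC, the LAN is 192.168.0.0/24 on Vlan1, the remote peer is BB.BB.BB.BB, and the remote hosts are the BB.BB.BB.BD / BB.BB.BB.BE placeholders from the thread. It also assumes an IOS release that supports AES-256 and DH group 14. The point it shows is that IOS translates inside-to-outside traffic before it evaluates the crypto map, so the crypto ACL must name the translated (public) source, not 192.168.0.160.

```text
! Added example, not from the thread. All AA.* and BB.* addresses and the
! pre-shared key are placeholders. Interface names follow the Cisco 851
! (FastEthernet4 = WAN, Vlan1 = LAN).
!
! Order of operations for inside->outside on IOS: NAT first, then the crypto
! map. The crypto ACL therefore matches the post-NAT source AA.AA.AA.AC.

! 1. One-to-one translation for the server: it leaves as AA.AA.AA.AC.
ip nat inside source static 192.168.0.160 AA.AA.AA.AC

! 2. The rest of the LAN is overloaded onto the router's own address.
!    The deny lines keep the server's tunnel flows out of this PAT rule.
ip access-list extended natted-traffic
 deny   ip host 192.168.0.160 host BB.BB.BB.BD
 deny   ip host 192.168.0.160 host BB.BB.BB.BE
 permit ip 192.168.0.0 0.0.0.255 any
ip nat inside source list natted-traffic interface FastEthernet4 overload

! 3. Crypto ACL written against the translated address, not 192.168.0.160.
!    The remote side's proxy ID must mirror these entries.
ip access-list extended vpn-traffic
 permit ip host AA.AA.AA.AC host BB.BB.BB.BD
 permit ip host AA.AA.AA.AC host BB.BB.BB.BE

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address BB.BB.BB.BB
crypto ipsec transform-set ts-aes esp-aes 256 esp-sha-hmac
crypto map vpn-map 10 ipsec-isakmp
 set peer BB.BB.BB.BB
 set transform-set ts-aes
 match address vpn-traffic

interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
interface FastEthernet4
 ip address AA.AA.AA.A2 255.255.255.240
 ip nat outside
 crypto map vpn-map

! Check: the static NAT entry and the IPsec SA's local identity should both
! show AA.AA.AA.AC; if the SA shows 192.168.0.160, the ACLs disagree.
! show ip nat translations | include 192.168.0.160
! show crypto ipsec sa peer BB.BB.BB.BB | include local ident
```

If the crypto ACL still referenced 192.168.0.160, the translated packet would never match it and would be sent in the clear via the default route, which is the "no data passes through the tunnel" symptom.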