I have a unreliable VPN tunnel I am trying to diagnose. I have a Cisco 1801 ISR at a customer site that has a private IP address assigned to it's outside interface. The other end of that connection is I am told a DMZ on a watchguard (not my device) and I have been given a 1 to 1 NAT from a public address to my inside address.
I have the VPN tunnel established, but it is unreliable. At what seems to be random intervals the VPN will drop and I cannot re-establish the tunnel until I restart the Cisco 1811 router. The tunnel is terminating on a pair of PIX 525s at our datacenter. I have about a dozen 1801/1811 routers in the field and this is the only one causing problems.
Do I need to do anything special for a device that is behind a NATed interface?