Hi
I have a situation where I would like to allow clients on the inside of my network to VPN to other 3rd parties (the clients will get NATed to the outside interface of the router), while at the same time there are site-to-site VPNs to others. When I configure it the router logs %CRYPTO-4-RECVD_PKT_INV_SPI when the client tries to connect to the remote VPN server, which I assume is because the router is trying to decrypt the packet rather than forwarding it to the internal client that sent.
Is this configuration possible?
Thanks!