I'm trying to create a simple site2site vpn link, the only thing "un-ordinary" is that the protected network behind the remote vpn-firewall consists of public ip addresses.
When trying to access the addresses, the firewall sends the inside client directly to the public address - not through the tunnel.
I've tried everything.. :(
Anyone have any idea how to solve this?
Thanks in advance,
Typically, lan to lan traffic is not nat'd. If you want to nat it you must change your crypto acl to include the nat'd traffic.
Right now you have...
access-list outside_cryptomap_RKI extended permit ip object-group int_scorex_servers object-group ext_rki_servers
What is defined as int_scorex_servers? Probably the private IP addresses of the servers, right? You would have to change this to the nat'd IP address.
access-list outside_cryptomap_RKI extended permit ip nat'd.ip.address object-group ext_rki_servers
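The point of the answer above, as an added example that is not part of the original thread and not ASA code: a simplified Python model in which the source address is translated first and the crypto ACL is tested afterwards, so an ACL written with pre-NAT sources never matches and the packet leaves outside the tunnel. All addresses are constructed (RFC 1918 and documentation ranges), and the function and variable names are hypothetical.

```python
import ipaddress

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Constructed sample values (assumptions, not taken from the thread).
INT_SERVERS = nets("10.1.1.0/28")        # stands in for int_scorex_servers
EXT_SERVERS = nets("198.51.100.0/28")    # stands in for ext_rki_servers
NAT_IP = ipaddress.ip_address("192.0.2.10")  # stands in for nat'd.ip.address

def in_any(addr, networks):
    return any(addr in n for n in networks)

def egress_decision(src, dst, crypto_acl, nat_enabled=True):
    """Simplified outbound path: translate the source, then test the crypto ACL.

    Returns (path, source address the crypto ACL was tested against).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if nat_enabled and in_any(src, INT_SERVERS):
        src = NAT_IP  # the crypto ACL now sees this address, not the private one
    acl_src, acl_dst = crypto_acl
    if in_any(src, acl_src) and in_any(dst, acl_dst):
        return "tunnel", str(src)
    return "cleartext", str(src)

# Same shape as the first ACL line in the answer: private source group.
ACL_PRE_NAT = (INT_SERVERS, EXT_SERVERS)
# Same shape as the second ACL line: source replaced by the NAT'd address.
ACL_POST_NAT = (nets("192.0.2.10/32"), EXT_SERVERS)

def demo():
    pkt = ("10.1.1.5", "198.51.100.3")
    return {
        "nat + pre-NAT acl": egress_decision(*pkt, ACL_PRE_NAT),
        "nat + post-NAT acl": egress_decision(*pkt, ACL_POST_NAT),
        "no nat + pre-NAT acl": egress_decision(*pkt, ACL_PRE_NAT, nat_enabled=False),
    }

if __name__ == "__main__":
    for case, (path, seen) in demo().items():
        print(f"{case:22s} -> {path:9s} (ACL tested source {seen})")
```

The third case corresponds to the answer's first sentence: when LAN-to-LAN traffic is not NAT'd, the ACL with private sources matches as written.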