I am trying to get isakmp/ipsec to work between two Cisco routers. One router has a static public IP, the other router is on a 1-1 NAT behind an ASA5510. The 5510 is using standard Fe0/0 for outside and Fe1/0 inside.
I have allowed all of the needed ports through the ASA5510 to the router, but I still do not get phase 1 to complete.
We are still using ISAKMP on the 5510 also for some VPNs that are being phased out, and when I debug the 5510 I see it sending data to my remote site.
How can I make it so my port-forwarded traffic is not "picked up" by ISAKMP on the ASA? Is my only option to use another interface that does NOT run ISAKMP on it?
I think the problem is that I have sysopt permit-ipsec enabled on the device, which kills the port-forwarded ACLs. Can I enable sysopt selectively? Perhaps on an interface basis?
+RemoteRouter+ -------ASA5510----+NATD Router+