Problem with IPSEC/GRE tunneling with NAT-T

Jun 24th, 2008

I am in the midst of deploying between 25-40 871s to [email protected]; they are building tunnels to 2 2811s in different locations with active routing.

I am running into issues when the users put the 871s behind their home equipment, which is handing out 192.168.1.x addresses. This all works fine until 2 users have been given the same 192.168.1.x address. When this happens, the Crypto mapdb already has an entry for the destination address, so IPSEC is invalidating the proposal with a "peer address not found".

Does anyone know a way around this problem?

owillins Mon, 06/30/2008 - 08:06

Many reasons there. One is IPSec policy invalidated proposal; another one is SA policy not acceptable.

A better solution is to clear the SAs from both routers and test the connection again.

