Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
318
Views
0
Helpful
1
Replies

Problem with IPSEC/GRE tunneling with NAT-T

rluyster
Level 1
Level 1

‎06-24-2008 09:21 AM - edited ‎02-21-2020 03:47 PM

I am in the midst of deploying between 25-40 871s to users@home, they are building tunnels to 2 2811s in different locations with active routing.

I am running into issues when the users put the 871s behind their home equipment which is handing out 192.168.1.x addresses. This all works fine until 2 users have been given the same 192.168.1.x address. When this happens the Crypto mapdb already has an entry for the destination address, so IPSEC is invalidating the proposal with a "peer address not found.

Does anyone know a way around this problem?

Labels:
0 Helpful
1 Reply 1

owillins
Level 6
Level 6

‎06-30-2008 08:06 AM

Many reasons there . one is IPSec policy invalidated proposal another one is SA policy not acceptable

Better solution is clear SA's from both routers and test the connection again.

0 Helpful
Customers Also Viewed These Support Documents