Is it possible to create a site-to-site VPN when one end is behind an ISP NAT'ed internet connection using a Cisco router?
Specifically, can IPsec use UDP? So far I have only managed to do this using OpenVPN.
The site-to-site VPN can be established if you're doing NAT.
ISAKMP is established using UDP port 500 and then the encrypted traffic is encapsulated using ESP.
If it's NAT, it is not a problem.
If you're using PAT, ESP causes problems because ESP has no layer 4 information and therefore cannot be PATed.
If this is the situation, just use NAT-T so that ESP traffic will be encapsulated in UDP port 4500.
This should work with no problems.
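To illustrate the answer above, here is an added example (not part of the original post and not Cisco code) that wraps an ESP packet in a UDP header the way NAT-T does and then classifies what a defender would see on UDP port 4500. The payload layout (one 0xFF byte for a keepalive, four zero bytes before IKE, otherwise ESP) follows RFC 3948; the function names, source port 61001 and sample packets are assumptions constructed for the example.

```python
import struct

NAT_T_PORT = 4500  # UDP port used by NAT-T, as stated in the answer above
NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: four zero bytes precede IKE on port 4500

def udp_wrap(payload: bytes, sport: int = NAT_T_PORT, dport: int = NAT_T_PORT) -> bytes:
    """Prefix a payload with an 8-byte UDP header so a PAT device has ports to rewrite."""
    length = 8 + len(payload)
    # RFC 3948 allows a zero IPv4 UDP checksum; ESP's own integrity check covers the data.
    return struct.pack("!HHHH", sport, dport, length, 0) + payload

def classify_natt_datagram(datagram: bytes) -> dict:
    """Classify one UDP datagram (UDP header + payload) seen on port 4500."""
    if len(datagram) < 8:
        return {"kind": "malformed"}
    sport, dport, length, _csum = struct.unpack("!HHHH", datagram[:8])
    payload = datagram[8:length]
    info = {"sport": sport, "dport": dport}
    if NAT_T_PORT not in (sport, dport):
        return {**info, "kind": "not-nat-t"}
    if payload == b"\xff":
        return {**info, "kind": "nat-keepalive"}
    if payload[:4] == NON_ESP_MARKER and len(payload) >= 32:
        # 28-byte IKE header: SPIs, next payload, version, exchange type, flags, msg id, length
        _i, _r, _np, ver, exch, _fl, _mid, _len = struct.unpack("!8s8sBBBBII", payload[4:32])
        return {**info, "kind": "ike", "ike_major": ver >> 4, "exchange_type": exch}
    if len(payload) >= 8 and payload[:4] != NON_ESP_MARKER:
        # ESP starts with SPI and sequence number; it has no ports of its own.
        spi, seq = struct.unpack("!II", payload[:8])
        return {**info, "kind": "esp-in-udp", "spi": spi, "seq": seq}
    return {**info, "kind": "malformed"}

# Constructed sample data (not captured traffic).
SAMPLE_ESP = struct.pack("!II", 0x1234ABCD, 1) + b"\xaa" * 32  # SPI, sequence, fake ciphertext
SAMPLE_IKE = NON_ESP_MARKER + struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8, 46, 0x20, 35, 0x08, 1, 28)

def demo() -> list:
    # Source port 61001 stands in for a port chosen by the PAT device after translation.
    datagrams = [
        udp_wrap(SAMPLE_ESP, sport=61001),
        udp_wrap(SAMPLE_IKE, sport=61001),
        udp_wrap(b"\xff", sport=61001),
    ]
    return [classify_natt_datagram(d) for d in datagrams]

if __name__ == "__main__":
    for result in demo():
        print(result)
```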