My problem is not really the IPSec connection between the two devices (it's already running ...). My problem is that I have a mail server on the Cisco site, which has a static NAT from inside to outside. Because of the static NAT I cannot see the server in the VPN tunnel. I found a document which almost describes the problem:
"Configuring a Router IPSEC Tunnel Private-to-Private Network with NAT and a Static" (Document ID 14144)
NAT takes place before the crypto check!
In that document the solution is "policy routing" by using a loopback interface. But how can I manage that with the Netscreen firewall? Does anybody have an idea?
Thanks for any support
Try replacing your static NAT with a policy-based static NAT,
i.e. static NAT shouldn't be applicable for the VPN traffic.
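route-map static permit 1
 match ip address 104
! Exempt server traffic to the VPN network from the static NAT (IOS ACLs take wildcard masks)
access-list 104 deny ip host 10.1.110.10 10.1.0.0 0.0.255.255
! Translate everything else the server sends
access-list 104 permit ip host 10.1.110.10 any
ip nat inside source static 10.1.110.10 18.104.22.168 route-map static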
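
A simplified model of how ACL 104 and the route-map decide when the static translation applies, as an added Python example that is not part of the original thread. The destinations 10.1.20.5 and 198.51.100.25 are constructed samples, ACL 104 is written with the /16 in IOS wildcard form (0.0.255.255), and the second ACL shows what a subnet-style mask does in that position.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # IOS wildcard mask: 1-bits are "don't care", 0-bits must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# (action, src, src wildcard, dst, dst wildcard); "host x" is x 0.0.0.0,
# "any" is 0.0.0.0 255.255.255.255.
ACL_104 = [
    ("deny",   "10.1.110.10", "0.0.0.0", "10.1.0.0", "0.0.255.255"),
    ("permit", "10.1.110.10", "0.0.0.0", "0.0.0.0",  "255.255.255.255"),
]

# Same ACL with a subnet mask typed where the wildcard belongs.
ACL_104_SUBNET_MASK = [
    ("deny",   "10.1.110.10", "0.0.0.0", "10.1.0.0", "255.255.0.0"),
    ("permit", "10.1.110.10", "0.0.0.0", "0.0.0.0",  "255.255.255.255"),
]

# Static mapping from the thread: inside local -> inside global.
STATIC = {"10.1.110.10": "18.104.22.168"}

def acl_action(acl, src, dst):
    for action, s, swc, d, dwc in acl:
        if wc_match(src, s, swc) and wc_match(dst, d, dwc):
            return action
    return "deny"  # implicit deny at the end of every ACL

def source_after_nat(acl, src, dst):
    # Model assumption: the static entry applies only when the route-map's
    # ACL permits the packet; otherwise the source address is left alone.
    if src in STATIC and acl_action(acl, src, dst) == "permit":
        return STATIC[src]
    return src

if __name__ == "__main__":
    for name, acl in (("wildcard", ACL_104), ("subnet mask", ACL_104_SUBNET_MASK)):
        for dst in ("10.1.20.5", "198.51.100.25"):  # constructed destinations
            print(name, dst, "->", source_after_nat(acl, "10.1.110.10", dst))
```

With the wildcard form, the server reaches the VPN side with its private address, so the packet still matches a crypto ACL written for private-to-private traffic; with the subnet-style mask the deny line never matches and the server is translated before the crypto check.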