Re: Cisco IOS ZFW (Zone Based Firewall) and IPsec VTI
Static VTIs, which is what you are using on this router, only support an "ip any any" proxy ID. You will not need to configure one here. Traffic is sent over the tunnel using routing protocols or static routes. The following route should be good enough:
ip route 192.168.1.35 255.255.255.255 Tunnel2
If you are having problems configuring the tunnel, then I would check the policy on the remote end. If they are not using SVTI or an "ip any any" proxy ID, then this will not work.