I am porting the config from an 1841 that had a L2L IPSec VPN setup with a Sonicwall peer. This 1841 had a CBAC firewall on it as well. We are retiring this router and moving the VPN over to a 1941 router with a Zone-based firewall. How do I set up the ZBF to allow this IPSec VPN tunnel? Can I use VTI when connecting to a non-Cisco host (Sonicwall)? Right now there are only two zones set up (inside/outside).
The new router has two interfaces to the internet via two different providers. Can I run CBAC and all the VPN traffic on one public interface and zone-based on the other internal client serving interface? I have read that you can mix CBAC and ZBF together.