We have a LAN-to-LAN VPN tunnel on which we have configured NAT0 on both end firewalls, so these addresses are excluded from NAT. What happens when they are out on the internet? What are these addresses known as when they are out there, and which part of the configuration should show this? Please help!
Bernadette, L2L uses the IPsec standard. Even though you have excluded the internal addresses from NAT with NAT0, the traffic is still encrypted by the crypto engine (crypto map) and the access-list bound to the crypto map, for example: access-list inside_nat0_outbound extended permit ip x.x.x.x y.y.y.y and access-list outside_cryptomap_20 extended permit ip x.x.x.x y.y.y.y. The outside_cryptomap_20 access list is what determines which traffic will be encrypted, based on the previous access list.
If you are using a PIX and issue show crypto ipsec sa, this command shows the IPsec SAs built between the L2L VPN peers, and you should be able to see packets encap/decap and packets encrypted/decrypted as they are received and sent out through the outbound/inbound tunnel interface.
Here is a link for learning the basics of the IPsec standards.
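The answer above hinges on two access lists lining up: the NAT0 (NAT-exempt) list and the access list the crypto map matches on. If a source/destination pair is in one but not the other, the traffic is either translated before it reaches the crypto map (so it never enters the tunnel) or left untranslated but never encrypted (so a private source address leaves in the clear). The script below is an added example, not code from the original post or from Cisco; it parses ASA/PIX-style "access-list NAME extended permit ip SRC MASK DST MASK" lines, reports the mismatches between the two lists, and then reads the encaps/decaps counters from "show crypto ipsec sa" output to tell whether a tunnel is passing traffic in both directions. The access-list names inside_nat0_outbound and outside_cryptomap_20 come from the post; the configuration lines, the networks and the show output are constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# One access-list entry of the form used in the post:
#   access-list NAME extended permit ip SRC SRCMASK DST DSTMASK
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+permit\s+ip\s+"
    r"(?P<src>\S+)\s+(?P<smask>\S+)\s+(?P<dst>\S+)\s+(?P<dmask>\S+)\s*$"
)

# Counters printed per SA by "show crypto ipsec sa" on ASA/PIX.
COUNTER_RE = re.compile(r"#pkts (encaps|decaps|encrypt|decrypt):\s*(\d+)")


@dataclass(frozen=True)
class Ace:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def parse_aces(config_text):
    """Return the 'permit ip' entries found in a config fragment.
    ipaddress accepts dotted netmasks, so '10.20.0.0/255.255.0.0' works as-is."""
    aces = []
    for line in config_text.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # not a plain ip permit; host/object forms are out of scope here
        src = ipaddress.ip_network(f"{m['src']}/{m['smask']}", strict=False)
        dst = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}", strict=False)
        aces.append(Ace(m["name"], src, dst))
    return aces


def _covered(ace, others):
    # An entry is covered when some entry in the other list contains both its
    # source and destination networks (a wider entry covers a narrower one).
    return any(ace.src.subnet_of(o.src) and ace.dst.subnet_of(o.dst) for o in others)


def audit(config_text, nat0_name, crypto_name):
    """Compare the NAT-exempt ACL with the crypto-map ACL.

    Returns (natted_before_crypto, exempt_not_encrypted) as lists of
    (src, dst) strings:
      - natted_before_crypto: in the crypto ACL but not NAT-exempt; the source
        gets translated first, so the packet never matches the crypto ACL.
      - exempt_not_encrypted: NAT-exempt but not in the crypto ACL; the packet
        leaves with its private source address and no ESP protection."""
    aces = parse_aces(config_text)
    nat0 = [a for a in aces if a.name == nat0_name]
    crypto = [a for a in aces if a.name == crypto_name]
    natted_before_crypto = [(str(a.src), str(a.dst)) for a in crypto if not _covered(a, nat0)]
    exempt_not_encrypted = [(str(a.src), str(a.dst)) for a in nat0 if not _covered(a, crypto)]
    return natted_before_crypto, exempt_not_encrypted


def tunnel_counters(show_output):
    """Pull the encaps/decaps/encrypt/decrypt counters out of show crypto ipsec sa."""
    return {name: int(value) for name, value in COUNTER_RE.findall(show_output)}


def tunnel_is_bidirectional(counts):
    """Encaps rising with decaps stuck at zero is the classic one-way tunnel:
    our side encrypts, the peer never sends anything back through the SA."""
    return counts.get("encaps", 0) > 0 and counts.get("decaps", 0) > 0


# Constructed sample config: 192.168.11.0/24 is exempt but not in the crypto
# ACL, and 192.168.12.0/24 is in the crypto ACL but not exempt.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list outside_cryptomap_20 extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list outside_cryptomap_20 extended permit ip 192.168.12.0 255.255.255.0 10.20.0.0 255.255.0.0
"""

# Constructed excerpt of "show crypto ipsec sa" for one SA pair.
SAMPLE_SHOW_SA = """\
    local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (10.20.0.0/255.255.0.0/0/0)
    #pkts encaps: 1523, #pkts encrypt: 1523, #pkts digest: 1523
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

if __name__ == "__main__":
    natted, cleartext = audit(SAMPLE_CONFIG, "inside_nat0_outbound", "outside_cryptomap_20")
    print("in crypto ACL but translated by NAT first:", natted)
    print("NAT-exempt but never encrypted:", cleartext)
    counts = tunnel_counters(SAMPLE_SHOW_SA)
    print("SA counters:", counts, "bidirectional:", tunnel_is_bidirectional(counts))
```

Run the audit against both firewalls: the crypto ACL on the far end should be the mirror image (source and destination swapped) of the one on the near end, and each end's NAT0 list should cover its own crypto ACL. On the show output, encaps with no decaps usually means the near side is fine and the far side is translating or not matching the return traffic.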