We have a client that is trying to establish a VPN tunnel using a Cisco 1761 router to our non-Cisco device. The client LAN uses publicly routable IP addresses on their LAN. They are connecting to a private IP in our DMZ. The tunnel does come up when traffic matches the access list attached to the VPN policy, but we do not see any of the packets. I suspect that they will need to NAT one of their publicly routable IPs to our private IP address.
They used the Cisco SDM tool to create the VPN connection. Any help is appreciated.
What IP addresses are negotiated to be encrypted across the VPN? Do those networks match/include the IP addresses used? It could also be a configuration issue in that the crypto map on the Cisco or the corresponding configuration on your device either does not match or does not include the desired source and destination IPs.
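The selector check suggested in the reply above, as an added example that is not part of the original thread: it parses Cisco-style crypto ACL entries (wildcard masks, `host`, `any`), then reports whether the two ends are mirror images and whether a given flow is covered on both sides. All addresses are constructed documentation values, the function names are hypothetical, and writing the non-Cisco peer's selectors in Cisco ACE syntax is an assumption made only so the two sides can be compared.

```python
import ipaddress

def side_net(tok, i):
    """Parse one ACE address spec starting at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    # Cisco ACLs use wildcard (inverted) masks: 0.0.0.255 means /24.
    wild = int(ipaddress.IPv4Address(tok[i + 1]))
    host_bits = wild.bit_length()
    if wild != (1 << host_bits) - 1:
        raise ValueError(f"non-contiguous wildcard mask: {tok[i + 1]}")
    return ipaddress.ip_network(f"{tok[i]}/{32 - host_bits}"), i + 2

def parse_ace(line):
    """Turn 'permit ip <src> <dst>' into (src_network, dst_network)."""
    tok = line.split()
    if tok[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACE: {line!r}")
    src, i = side_net(tok, 2)
    dst, i = side_net(tok, i)
    if i != len(tok):
        raise ValueError(f"trailing tokens in ACE: {line!r}")
    return src, dst

def check_flow(local_ace, peer_ace, src_ip, dst_ip):
    """List the selector problems for a flow src_ip -> dst_ip sent from the local side."""
    l_src, l_dst = parse_ace(local_ace)
    p_src, p_dst = parse_ace(peer_ace)
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    problems = []
    if (l_src, l_dst) != (p_dst, p_src):
        problems.append("selectors are not mirror images")
    if s not in l_src or d not in l_dst:
        problems.append("flow not matched by local crypto ACL")
    if d not in p_src or s not in p_dst:
        problems.append("peer selectors do not cover the flow")
    return problems

# Constructed sample values (not taken from the attached config).
CLIENT_ACE = "permit ip 198.51.100.0 0.0.0.255 host 10.10.10.5"
PEER_OK = "permit ip host 10.10.10.5 198.51.100.0 0.0.0.255"
PEER_BAD = "permit ip host 10.10.10.5 198.51.100.0 0.0.0.127"

if __name__ == "__main__":
    for peer in (PEER_OK, PEER_BAD):
        print(peer, "->", check_flow(CLIENT_ACE, peer, "198.51.100.200", "10.10.10.5") or "ok")
```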
I do not see any packets from them through the tunnel. I have attached the config as well. Also, when they do a traceroute from a PC inside their network, they see the Fa0/0 interface show up as 2 consecutive hops (2 and 3 I believe).