Site - Site VPN using routers and private ip on serial link to ISP
I am connecting a remote site to HQ using 2611XM routers and IPSEC. I did a very similar setup a few months back and everything went great. This time however, the remote site ISP has provided a Private IP on the serial link to the Internet. I have been provided a set of public IPs which I use to NAT (PAT) the private internal network.
My question is how do I define the peer address for the crypto command on my HQ router? Normally, the peer address is the address of the serial port of the remote router. Here in this case, it is a private IP and hence how do I define it?
ip address 192.168.54.1 255.255.255.0
ip nat inside
description Link to the Internet
ip address 172.19.200.62 255.255.255.252
ip nat outside
ip nat pool RG-Geoge-natpool 18.104.22.168 22.214.171.124 netmask 255.255.255.248
ip nat inside source list nat-list pool RG-Geoge-natpool overload
Re: Site - Site VPN using routers and private ip on serial link
You have defined a NAT pool 126.96.36.199 which is not part of your configured IP segments. If this config is correct, then your serial interface also has to be "natted" by your ISP to a public IP address. Then you can build a crypto map in tunnel mode on the serial interface. On the remote site you must define the peer address as the NAT address your ISP uses for your serial interface. CAUTION: IPsec NAT is not provided by every router, and not even by every Cisco IOS. So talk to your ISP and get a public address, and also make clear that ESP providing is enabled.
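The peer definitions described in the reply, written out for both routers as an added example that is not part of the original thread. It assumes the ISP maps the remote serial address 1:1 to a public address; the public addresses, HQ LAN, interface names, object names and IKE/IPsec policy values are constructed placeholders.

```cisco
! Constructed placeholders (not values from the thread):
!   203.0.113.10  public address the remote ISP maps 1:1 to 172.19.200.62
!   198.51.100.1  HQ router public address
!   10.10.0.0/16  HQ LAN;  Serial0/0  WAN interface name on both routers
! From the post: remote LAN 192.168.54.0/24, remote serial 172.19.200.62.
!
! ---------- HQ router ----------
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
! Key and peer use the translated address HQ sees as the packet source,
! not the private 172.19.200.62 configured on the remote serial port.
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.10
crypto ipsec transform-set SITE-ESP esp-aes 256 esp-sha-hmac
ip access-list extended VPN-TO-REMOTE
 permit ip 10.10.0.0 0.0.255.255 192.168.54.0 0.0.0.255
crypto map SITE-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set SITE-ESP
 match address VPN-TO-REMOTE
interface Serial0/0
 crypto map SITE-MAP
!
! ---------- Remote router (serial 172.19.200.62) ----------
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
crypto ipsec transform-set SITE-ESP esp-aes 256 esp-sha-hmac
! NAT traversal carries ESP inside UDP 4500 so it survives the ISP's
! translation. It is the default where the image supports it; both ends need it.
crypto ipsec nat-transparency udp-encapsulation
ip access-list extended VPN-TO-HQ
 permit ip 192.168.54.0 0.0.0.255 10.10.0.0 0.0.255.255
crypto map SITE-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set SITE-ESP
 match address VPN-TO-HQ
interface Serial0/0
 crypto map SITE-MAP
```

On the remote router, the nat-list ACL from the post also has to deny 192.168.54.0/24 to the HQ LAN ahead of its permit entries, because IOS translates outbound traffic before it evaluates the crypto ACL.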