I'm having trouble with a VPN I'm trying to create on a PIX 515. I have the crypto maps configured, I have the pre-shared key, I have the access-list in place, and I have the isakmp settings configured. I see the access-list incrementing when I initiate traffic from the desired host, but I'm receiving this message when I have debugging turned on:
Here's the situation: The source is a server that resides internal to my network. I'm trying to create a site-to-site VPN to a client, over the internet. The client requires that I source my server from 10.147.110.0/24. The destination is any of the networks specified in the VPN1_ACL. I created an outside static NAT that should translate 18.104.22.168 to 10.147.110.2.
When you say that you do not see the crypto traffic being included in the NAT 0 command, which traffic are you looking for? I thought the match ACL in the crypto map would catch the traffic destined for the VPN?