I have 2 branches and a main branch, each with a 2611 router running IPSEC/3DES/Firewall software version 12.07. Each branch is behind a NAT also. I need to create a VPN from the 2 branches to the main branch.
I have tried setting this up in a test environment, but the NAT part confuses me when it comes to deciding which data is encrypted and what IP addresses to use for the tunnels.
Has anyone set something like this up before, or have a sample config I can see for a guideline? Any help on this would be greatly appreciated.
If I understand you correctly, the internal networks on the branches are being translated (using NAT) to a public IP on the branch routers themselves. The access list for the crypto would be based on the internal IP addresses, and the IP address of the crypto peer would be the public IP address of the routers. See sample configs on:
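A branch-router configuration along the lines of the reply above, added here as an example and not taken from the thread or from Cisco's sample configs. It assumes NAT overload runs on the branch router itself; every address, interface, name and the key placeholder is constructed. Because IOS translates inside-to-outside traffic before it checks the crypto map, the branch-to-main traffic has to be excluded from NAT or it will never match the crypto access list.

```cisco
! Branch 1 router. Constructed values:
!   branch LAN 10.1.1.0/24, main-office LAN 10.0.0.0/24
!   branch public address 192.0.2.2, main-office public address 198.51.100.1
!
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
! Placeholder key; the peer address is the main router's PUBLIC address
crypto isakmp key REPLACE-WITH-SHARED-SECRET address 198.51.100.1
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map BRANCH-VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set VPN-SET
 match address 110
!
interface Ethernet0/0
 description Branch LAN
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Ethernet0/1
 description Internet-facing
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
 crypto map BRANCH-VPN
!
! Crypto ACL: written with the INTERNAL (untranslated) addresses
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
!
! NAT ACL: deny (do not translate) VPN traffic, translate the rest
access-list 120 deny   ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 any
!
route-map NONAT permit 10
 match ip address 120
!
ip nat inside source route-map NONAT interface Ethernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

The main-office router needs one crypto map entry per branch, each with the mirror image of that branch's crypto ACL (source and destination swapped) and the same NAT exclusion for the branch networks.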