07-28-2008 04:10 PM - edited 02-21-2020 03:51 PM
Is it possible to create a DMVPN tunnel between a Hub and Spoke if the Spoke is behind a separate NAT device and is receiving a private address on its "external" interface?
Here is a basic rundown of the layout:
1 Hub with many spoke sites all successfully creating tunnels using DMVPN. One spoke site, however will not create a tunnel--or perhaps it is an issue with IPSec.
The spoke site is behind a NAT router which issues it a class C private address. I assume the hub sees the spoke's return address as this class C private IP address and not the public address owned by the NAT router. And this is why the tunnel cannot come up?
Maybe i am wrong?
Thanks in advance!