I want to make an EzVPN site-to-site tunnel with CSM. The client side has a private ip address on the WAN interface. My problem is that I can not access the private ip address via the internet. However when I want to set up an EzVPN connection with CSM, the Wizzard needs two peers to do so. Is there a solution for this issue?(the userguide is not conclusive about this)
If you don't have access to one or more of the participating nodes in the VPN, then the technique is to still define those nodes in CSM so they can be used in the VPN definition, however, when it comes time to deploy, choose deploy to file for the nodes which are not accessible. The unreachable devices will still of course need to be configured for the VPN to work and you can use this file deployed on the CSM server to identify what CLI is required on the device for the VPN to work.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...