RVS4000 - we require peer to have ID 'a.a.a.a', but peer declares 'b.b.b.b'
What is the good of advertising that you support NAT-T when clearly you don't?
Perhaps inbound client based VPN but what about outbound IPSec tunneling?
Consider this diagram...
Host 2 sits behind "RVS4000v2 Bravo", whose policy allows it to create an IPSec tunnel with the Cisco2821 sitting in this DMZ. This IPSec passes through a firewall where no translations happen and everything is perfect.
Unfortunately Host 1 is behind "RVS4000v2 Alpha" (c.c.c.c) on the Internet and, for security reasons, I cannot provide the Cisco2821 with direct Internet connectivity. The NAT'ing is working, as it appears that the systems understand that there is NAT in the path, but yet the RVS4000-Alpha still gets spooked when the Phase2 Offer message is from b.b.b.b (Cisco 2821) and not a.a.a.a (Firewall NAT'ed Cisco 2821).
I have full IP capability as my devices do pass Phase 1 (as seen on the Cisco 2821):
ISAKMP: (4009):SA has been authenticated with a.a.a.a
ISAKMP: Trying to insert a peer b.b.b.b/a.a.a.a/500/, and inserted successfully 47FE1CD8.
On the RVS4000:
Feb 18 14:08:14 - [VPN Log]: "PZ_Outside" #2: we require peer to have ID 'a.a.a.a', but peer declares 'b.b.b.b'
Feb 18 14:08:14 - [VPN Log]: "PZ_Outside" #2: sending encrypted notification INVALID_ID_INFORMATION to a.a.a.a:4500
On the Cisco2821 (inside the firewall, addressed a.a.a.a):
*Feb 18 19:02:45.847: ISAKMP: reserved not zero on HASH payload!
*Feb 18 19:02:45.847: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from c.c.c.c failed its sanity check or is malformed
*Feb 18 19:02:45.847: ISAKMP:(4019):deleting node -712730088 error TRUE reason "Invalid payload"
Is there any way to fix this? Is there no NAT-Traversal Enable function on the RVS4000? Is there no configurable item where I could tell the RVS4000 to accept the offer from a.a.a.a even if inside the offer, it is coming from b.b.b.b?
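The failure pattern in the RVS4000 log above can be checked mechanically; this is an added example, not part of the original post. It pairs the "we require peer to have ID" line with the INVALID_ID_INFORMATION notification for the same connection and SA, and flags the case where the peer is reached on UDP 4500 at the expected address but declares a different ID. The function name `diagnose` and the flagging heuristic are assumptions made for illustration.

```python
import re

# Log lines copied from the post above (addresses are the poster's placeholders).
SAMPLE_LOG = """\
Feb 18 14:08:14 - [VPN Log]: "PZ_Outside" #2: we require peer to have ID 'a.a.a.a', but peer declares 'b.b.b.b'
Feb 18 14:08:14 - [VPN Log]: "PZ_Outside" #2: sending encrypted notification INVALID_ID_INFORMATION to a.a.a.a:4500
"""

ID_MISMATCH = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<sa>\d+): we require peer to have ID '
    r"'(?P<expected>[^']+)', but peer declares '(?P<declared>[^']+)'"
)
NOTIFY = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<sa>\d+): sending encrypted notification '
    r"(?P<kind>\S+) to (?P<addr>\S+):(?P<port>\d+)"
)


def diagnose(log_text):
    """Return one finding per (connection, SA) that logged an ID mismatch."""
    findings = {}
    for line in log_text.splitlines():
        m = ID_MISMATCH.search(line)
        if m:
            findings[(m["conn"], int(m["sa"]))] = {
                "conn": m["conn"],
                "expected_id": m["expected"],
                "declared_id": m["declared"],
                "nat_t": None,  # unknown until a notification line is seen
                "likely_nat_id_mismatch": False,
            }
            continue
        m = NOTIFY.search(line)
        if m and m["kind"] == "INVALID_ID_INFORMATION":
            f = findings.get((m["conn"], int(m["sa"])))
            if f:
                # UDP 4500 is the NAT-T port: NAT was detected on the path.
                f["nat_t"] = m["port"] == "4500"
                # Peer is reached at the expected ID's address yet names itself
                # differently: it is sending its pre-NAT address as its ID.
                f["likely_nat_id_mismatch"] = (
                    f["nat_t"] and m["addr"] == f["expected_id"]
                )
    return list(findings.values())


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```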