I tried to configure a Site-to-Site VPN using an ASA 5520. The remote peer (Draytec 2950) has an internet connection using dynamic ip addresses. At my ASA I did create an connection profile. If I set the current wan-ip-address of the remote peer the tunnel will become active and the site-to-site vpn is working fine. But if I disable 'Peer IP Address = static' at the connection profile, the vpn will not work...
Aug 1 09:24:15 ASA-5520 :%ASA-vpn-4-713903: IP = <current-wan-ip-of-remote-peer>, Header invalid, missing SA payload! (next payload = 4)
Aug 1 09:25:00 ASA-5520 :%ASA-vpn-4-713903: Group = <current-wan-ip-of-remote-peer>, IP = <current-wan-ip-of-remote-peer>, Can't find a valid tunnel group, aborting...!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...