At this moment the mobile users are able to connect to the VPN server, but not the remote sites, which are using dynamic IPs (DSL) and NAT from the provider. I am using Cisco 831 routers as terminal equipment.
The debug log shows a message like this:
"019088: *Feb 23 18:26:24.668 PCTime: ISAKMP: reserved not zero on ID payload!
019089: *Feb 23 18:26:24.668 PCTime: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 22.214.171.124 failed its sanity check or is malformed"
I am attaching the log message as well as the configs used.
Re: IPSec Router Dynamic LAN-to-LAN Peer and VPN Clients
I am kind of confused on this. Why do you want to NAT the traffic going to the hub through IPSec? And I suggest doing tunnel mode instead of transport mode and NATting it. What you have done looks kind of scary to me ;-)
The reason I am saying this is that IPSec transport mode requires you to define traffic between the crypto peers in the crypto ACL and not the internal LAN. Let me know if you need any more info.
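
The distinction drawn in the reply above, as an added spoke-side configuration sketch that is not from the thread or from the poster's attached configs. All addresses, ACL numbers, names and the outside interface are assumptions, and the ISAKMP policy and key are left out.

```ios
! Constructed example. Assumed values:
!   spoke LAN 10.1.1.0/24, hub LAN 10.0.0.0/24,
!   hub public address 192.0.2.1, spoke outside interface Ethernet1.

! --- Transport mode, for contrast ---------------------------------
! The crypto ACL can only describe traffic between the two crypto
! peers themselves (here GRE between the public addresses), never
! the LANs behind them. 198.51.100.10 stands in for the spoke's
! public address, which a DSL site with a dynamic IP does not know
! in advance.
crypto ipsec transform-set TS-TRANSPORT esp-aes esp-sha-hmac
 mode transport
access-list 110 permit gre host 198.51.100.10 host 192.0.2.1

! --- Tunnel mode, as suggested in the reply -----------------------
! Tunnel mode is the default for a transform set. The crypto ACL
! names the internal LANs, so LAN-to-LAN traffic is encapsulated
! with its original private addresses.
crypto ipsec transform-set TS-TUNNEL esp-aes esp-sha-hmac
access-list 111 permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255

crypto map HUBMAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-TUNNEL
 match address 111

! Exempt hub-bound traffic from NAT. If it were translated first,
! its source address would no longer match access-list 111 and it
! would leave the router unencrypted.
access-list 120 deny   ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 any
ip nat inside source list 120 interface Ethernet1 overload

interface Ethernet0
 ip nat inside
interface Ethernet1
 ip nat outside
 crypto map HUBMAP
```

The hub's crypto ACL for this spoke would be the mirror image of access-list 111, and `show crypto ipsec sa` on either side shows which proxy identities were actually negotiated.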