I'm having a little bit of a problem getting a site-to-site VPN established using NAT through the tunnel, so maybe someone would be able to help me out.
The internal network behind my firewall needs to be hidden since the other company is already using a network address the same as our internal network address. When the other company issues a ping from their network to our network (the network that we configured to hide our actual internal network), the VPN tunnel gets established and they are able to receive replies to the ping. However, when we try to ping the other company's network from ours, the debug messages show that the VPN peer is added but then deleted and the ping is unsuccessful. I posted the relevant part of the config on our end and the debugging messages. All the IPsec parameters match on both ends. Any help would be appreciated. Thanks.
Our real internal - 192.168.2.0
Their internal - 172.29.0.0
Network for hiding real internal - 192.168.81.0
access-list VPN permit ip 192.168.2.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list OTHER_COMPANY permit ip 192.168.81.0 255.255.255.0 172.29.0.0 255.255.0.0
access-list PRINTER1 permit ip host 192.168.2.240 172.29.0.0 255.255.0.0
access-list PRINTER2 permit ip host 192.168.2.12 172.29.0.0 255.255.0.0
access-list OTHER_COMPANY-NAT permit ip 192.168.2.0 255.255.255.0 172.29.0.0 255.255.0.0
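An added example, not part of the original post: a small offline check that applies policy NAT first and then tests the translated source against the crypto ACL, which is the order the firewall uses for outbound traffic. The post does not show the `nat`/`global`/`static` lines, so the 1:1 mapping of 192.168.2.0/24 onto 192.168.81.0/24 (host bits preserved) and all function names are assumptions.

```python
import ipaddress

# ACL lines copied from the post; everything else here is constructed.
ACLS = """\
access-list OTHER_COMPANY permit ip 192.168.81.0 255.255.255.0 172.29.0.0 255.255.0.0
access-list PRINTER1 permit ip host 192.168.2.240 172.29.0.0 255.255.0.0
access-list OTHER_COMPANY-NAT permit ip 192.168.2.0 255.255.255.0 172.29.0.0 255.255.0.0
"""
MAPPED_NET = ipaddress.ip_network("192.168.81.0/24")  # hiding network from the post

def take_net(tokens):
    """Consume 'host A' or 'A MASK' from the token list; return an ip_network."""
    first = tokens.pop(0)
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acls(text):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip' entries."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"] or tok[2:4] != ["permit", "ip"]:
            continue
        rest = tok[4:]
        src_net = take_net(rest)
        dst_net = take_net(rest)
        acls.setdefault(tok[1], []).append((src_net, dst_net))
    return acls

def first_match(acl, src, dst):
    """Return the first (src_net, dst_net) entry matching the packet, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return next(((sn, dn) for sn, dn in acl if s in sn and d in dn), None)

def policy_nat(acl, src, dst, mapped_net=MAPPED_NET):
    """Assumed 1:1 policy NAT: swap the network prefix, keep the host offset."""
    hit = first_match(acl, src, dst)
    if hit is None:
        return src  # not selected by the NAT ACL, source stays untranslated
    offset = int(ipaddress.ip_address(src)) - int(hit[0].network_address)
    return str(mapped_net.network_address + offset)

def outbound(acls, src, dst, nat_applied=True):
    """Return (source seen by the crypto ACL, whether OTHER_COMPANY matches)."""
    if nat_applied:
        src = policy_nat(acls["OTHER_COMPANY-NAT"], src, dst)
    return src, first_match(acls["OTHER_COMPANY"], src, dst) is not None
```

If the translation is not applied to an inside-initiated packet, its source stays in 192.168.2.0/24 and the `OTHER_COMPANY` crypto ACL does not select it.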
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: