I have a PIX 501 firewall on which I need to set up a site-to-site IPsec tunnel with a remote peer. The inside subnet on my PIX is 192.168.100.0/24. For the purpose of this discussion, let's say my PIX's outside IP is 10.10.10.10 and the remote peer IP is 184.108.40.206.
The tunnel needs are as follows: local IP of 192.168.100.10 needs to communicate with remote IP of 220.127.116.11.
I have to NAT my local IP of 192.168.100.10 to the IP address of 10.10.10.11 before it traverses the tunnel to the remote end.
I have set up the following, but I don't see any indication of phase 2. I see phase 1 completing, but nothing for encaps/decaps when I do a "show cry ipsec sa".
Here is the related config, minus the encryption parameters. Please review and see if there are any issues with it; I'm particularly concerned about whether or not I'm NAT'ing correctly.
access-list 101 remark ***Crypto ACL for traffic to remote peer***
access-list 101 permit ip host 10.10.10.11 host 18.104.22.168
access-list VPN_NAT remark ***Policy NAT for VPN traffic***
access-list VPN_NAT permit ip host 192.168.100.10 host 22.214.171.124