You can always initiate an S2S VPN, regardless of the IP in this case. But there are scenarios where the ASA with a private IP can't be the responder and always has to initiate the connection.
NAT traversal is normally done if there is any form of NAT/PAT on the path between the IPsec peers. But if there is control over the NAT device, it could be used without NAT traversal when the port forwarding is set up correctly. But if NAT traversal is enabled, which is typically the default, then it's used automatically regardless of the NAT setup.
1. You meant to say the ASA outside can be a pvt IP and so the router LAN, but on the router we can do a static NAT of the ASA outside pvt IP, correct?
If the ASA outside is public and the router LAN is pvt, then we can also establish S2S.
What are the scenarios where an ASA with a pvt IP cannot be a responder?
Initiator/responder is decided by who initiates a connection first, correct...
2. Concluding on the crypto NAT: if there is any NAT device between the peers, and if that NAT device is doing any kind of inside NAT/outside NAT, we have to enable crypto NAT traversal. Correct me if I'm wrong.
In S2S VPN, it will never check the interface ACL. Then, while talking about the packet flow, could you please tell me what happens first and the series of actions for outbound and inbound traffic of 8.2 and 8.3?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...