I'm trying to configure a SR520 in place of a Zyxel 662H that had 10 IPsec VPNs towards our branches.
I'm not a professional, but I'm learning from the examples I find in the net.
What I have to do now is connect our branches (they all have Zyxel 661H and static IPs) with the SR520, so that they can access the central server's resources as if it was in their local network. Also, SR520 must give access, with NAT, to the head office's network towards internet (this part works, but don't know if I've made it in the right way).
Before we speak of configurations what is the best way to do so? IPsec profiles or policies? NAT access-lists or route-maps? the crypto-map should be applied to the ATM part or the VLAN?
So, you can see there's big confusion in my head. I need to figure things out instead of having a working configuration (but it wouldn't be so bad :)).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...