Internal hosts --> ISA server --> Edge router <<-------------------------->> Remote router --> remote server
Our ISA is doing PAT and hiding all the internal clients behind the IP "192.168.0.1". I need to initiate a VPN tunnel between two hosts behind the ISA, which are 10.0.0.221/32 and 10.0.0.224/32, that need to communicate with the remote server on the other side with IP 10.128.241.50/32.
I was able to get the VPN up and ping from the left side (a host that resides behind the ISA) to the remote server 10.128.241.50, but the ping from the other side is not working. I know it's because we have a PAT device behind our internal servers on the left, and to get a two-sided VPN tunnel I need to create static NAT entries on the ISA for the two servers 10.0.0.221 and 10.0.0.224. Unfortunately, that's not doable for the time being, since these servers are participating in other VPN connections.
My question: Is there any workaround to be applied here without the need of creating static NAT entries and keeping the ISA doing PAT as expected?