Friday, November 30, 2018

Setting up a branch IPsec tunnel on a 1918 address behind 1:1 NAT on Cisco gear

Standing up a quick-n-dirty temporary solution for a site affected by a natural disaster. Local WISP gave us a "static" IP, which is really 1:1 NAT. They gave my ISR an RFC 1918 address that DMZs to a public IP. All traffic to that public IP is 1:1 translated to the 1918 address. All my experience with s2s IPsec is with real public addresses on all endpoints. I know IPsec can do NAT traversal, but I've never configured it in Cisco land and my Google-fu turns up nothing relevant to this use case.


