Friday, February 16, 2018

Cisco IPSEC Tunnel with hidden local networks

I've got an IPsec tunnel that's up and working with ATT. They require that the phase 2 IPs not be local LANs, but public IPs.

So, my phase 1 is X.X.X.132, and my phase 2 is on the same subnet as X.X.X.133. If I ping the remote router's loopback from .133, I get a reply. If I do a one-to-one NAT of .133 to one of my LAN IPs, I can ping their local loopback as well.

The tunnel is intended to hide our local LANs, and they will only accept traffic from my local .133 address. I've spent all day trying to set up overloading from my local LAN to my phase 2 IP, routing, etc., and I can't make it work.

Anyone have any suggestions? I can post a config if you'd like.

EDIT: IOS, I can put in an ASA if needed though. Config: https://pastebin.com/WYG6naAv

I tried...

    ip nat pool inside_pool 2.0.0.133 2.0.0.133 prefix-length 32
    ip nat source route-map NAT-SOURCE-NETS pool inside_pool overload
    ip nat outside source route-map NAT-SOURCE-NETS pool inside_pool

and a lot of other items, with different routing.
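The pattern the post describes (hide a LAN behind one public address that the IPsec peer accepts) is normally built on IOS with classic inside/outside NAT: the LAN interface is marked `ip nat inside`, the tunnel-facing interface `ip nat outside`, and an `ip nat inside source ... overload` rule translates LAN sources to the phase 2 address. Because IOS performs inside-to-outside NAT before it evaluates the crypto map, the crypto ACL has to match the translated address (.133), not the LAN. Note that `ip nat outside source` translates the source of packets arriving on the outside interface, so it does not act on LAN-originated traffic at all. The configuration below is an added example, not the poster's config or anything from ATT; all addresses (203.0.113.132/.133 for the outside interface and phase 2 address, 192.168.10.0/24 for the LAN, 198.51.100.1 for the remote loopback) are constructed documentation values, and the peer address and transform set are placeholders.

```cisco
! Added example (not the poster's configuration). All addresses are constructed:
!   203.0.113.132   outside interface / IKE phase 1 address
!   203.0.113.133   the only source the remote side accepts (phase 2 address)
!   192.168.10.0/24 local LAN that must stay hidden
!   198.51.100.1    remote loopback reachable through the tunnel
!
interface GigabitEthernet0/0
 description LAN
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description Internet / IPsec endpoint
 ip address 203.0.113.132 255.255.255.248
 ip nat outside
 crypto map ATT-MAP
!
! Translate only LAN traffic bound for the remote network; everything else
! keeps its real source (or follows whatever other NAT rules you have).
ip access-list extended NAT-TO-ATT
 permit ip 192.168.10.0 0.0.0.255 host 198.51.100.1
!
route-map NAT-SOURCE-NETS permit 10
 match ip address NAT-TO-ATT
!
! One public address for many LAN hosts: PAT (overload) onto .133.
! The pool holds a single address that is not the interface address.
ip nat pool inside_pool 203.0.113.133 203.0.113.133 prefix-length 29
ip nat inside source route-map NAT-SOURCE-NETS pool inside_pool overload
!
! The crypto ACL sees packets after NAT, so it must match .133, not the LAN.
ip access-list extended CRYPTO-ATT
 permit ip host 203.0.113.133 host 198.51.100.1
!
crypto map ATT-MAP 10 ipsec-isakmp
 set peer <REMOTE-PEER-IP>          ! placeholder
 set transform-set <TRANSFORM-SET>  ! placeholder, whatever phase 2 policy is agreed
 match address CRYPTO-ATT
```

To check that the two halves line up, ping the remote loopback from a LAN host and then look at `show ip nat translations` (a 192.168.10.x to 203.0.113.133 entry should appear) and `show crypto ipsec sa` (the encaps/decaps counters for the 203.0.113.133 to 198.51.100.1 SA should increase). If the NAT entry appears but the encaps counter stays at zero, the crypto ACL is not matching the translated address; if neither appears, the route-map ACL is not catching the LAN traffic.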
