IPSec VPN through NAT

Hi all,

I need a solution to create VPNs between 70 remote sites and a central site, all equipped with Cisco IOS routers. On the way from the remote sites to the central site, a NAT changes the remote sites' IP addresses to a unique IP. As far as I know, the NAT then makes it impossible to use PSKEY to match the key with the remote IP address, as all remote sites are seen as the same IP address from the central site.

Can any solution be implemented for this?

Thanks and regards

Jaime

If you know what the particular remote is being NATed to, then your host key can be to that NATted device. For instance, say the remote is a DSL with 1-to-1 translation: your remote Cisco is 192.168.1.10, but when it moves through the DSL router, i.e. a Netopia, the Netopia translates it to 65.5.5.5. You need what is called NAT-T enabled on your routers; this is done by having recent code on it. It was introduced in 12.2(13T). You may also wish to add NAT keepalive so your translation doesn't time out in the NAT device and you lose your tunnel. If the device in the middle is running PAT and not NAT, then you have bigger problems with ESP. Possible solutions are running ezvpn client server. Honestly, best practice: don't deploy your VPN tunnels behind NATted devices ever.

stl-eng
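
The settings named in the reply above (a pre-shared key matched on the translated address, NAT-T, and a NAT keepalive), written out as an IOS configuration fragment. This is an added example, not part of the original posts. The addresses (documentation ranges), the key placeholder, the ACL name and the 20-second interval are assumptions.

```cisco
! Constructed values (assumptions, not from the thread):
!   198.51.100.1  = central-site router, public address
!   203.0.113.5   = address the NAT device presents for the remote site
!   EXAMPLE-PSK-CHANGE-ME = placeholder, replace with a real secret
!
! --- Remote-site router (behind the NAT device) ---
! The key is matched on the central site's address.
crypto isakmp key EXAMPLE-PSK-CHANGE-ME address 198.51.100.1
! Send a NAT keepalive when the tunnel is idle so the translation
! entry in the NAT device does not expire.
crypto isakmp nat keepalive 20
! NAT-T: carry ESP inside UDP 4500 once a NAT is detected
! (on by default in releases that support it; shown for clarity).
crypto ipsec nat-transparency udp-encapsulation
!
! --- Central-site router ---
! The key is matched on the translated source address. Every site
! that arrives from this one address matches this same key entry.
crypto isakmp key EXAMPLE-PSK-CHANGE-ME address 203.0.113.5
crypto ipsec nat-transparency udp-encapsulation
!
! Outside-interface filter: IKE starts on UDP 500 and moves to
! UDP 4500 with NAT-T. The source port may be rewritten by the NAT,
! so only the destination port is matched.
ip access-list extended OUTSIDE-IN
 permit udp host 203.0.113.5 host 198.51.100.1 eq isakmp
 permit udp host 203.0.113.5 host 198.51.100.1 eq non500-isakmp
```

`show crypto isakmp sa` and `show crypto ipsec sa` on either router show whether the tunnel came up.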
