maybe someone could give me a hint about this scenario:
|Public IP | |
| | |Public IP
|Private IP | |Private IP
|Private IP |
I want to establish a VPN connection between our local PIX and the remote VPN gateway. The remote gateway is not directly connected to the internet. It's connected to which forwards all packets and is doing 1:1 NAT between the public IP address and the private IP address.
When trying to establish the VPN tunnel, on the PIX i get something like
Group = , IP = , Rejecting IPSec tunnel: no matching crypto map entry for remote proxy /255.255.255.255/0/0 local proxy /255.255.255.255/0/0 on interface outside
The reason are the different public/private addresses which are seen for the remote VPN gateway. Is there any way to get around this? NAT-T? Which address should be used for the crypto map: The public or private address of the remote VPN gw?
With kind regards Markus