This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site VPN Nat Issues

We are using an internet connection that has been given to us by the current building owners.

I have an ASG behind another firewall.

I can create an IPSec VPN Tunnel from my office to a central ASG.

All devices are pingable from one side to another.

The same config is setup with Full NAT ( ANY setup in Local Networks ) from another office.

This office for whatever reason does not want to run in a full nat.

If I look at the IKE status for the new office this is what I get

Auth PSK / Enc AES_CBC_256 / Hash HMAC_MD5 / Lifetime 7800s / NAT-T / DPD

The NAT-T entry is not in our second office.

Any clues as to how to fix this?

This thread was automatically locked due to age.

0 peterkieser over 13 years ago

Could you please provide a copy of your IPSec Site-to-Site VPN logs with debugging enabled?

I would suspect it could be because ICMP is being blocked, but without further information we can't really assist you with your issue.
Cancel
Vote Up 0 Vote Down

Cancel
0 coewar over 13 years ago

Have you checked out this thread if it's the same issue I'm describing here?
(https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/54446)
Cancel
Vote Up 0 Vote Down

Cancel