Re: [c-nsp] Cisco IPsec with Nat ?

2010-03-25 Thread Christopher J. Wargaski
Hello Jerome--

Besides NAT for port 500, you need to allow ESP inbound to the router that is the VPN peer. For example, on a router that is a VPN peer, I have these two entries in the ACL which is on the public interface.

permit esp any host 66.46.120.222
permit udp any host 66.46.120.222 eq i

[c-nsp] Cisco IPsec with Nat ?

2010-03-25 Thread Phibee Network Operation Center
Hi, I am looking for a little help. We have this:

LAN => Cisco 1721 => ISP Router NAT => Internet => Cisco 2821

- The Cisco 2821 has an Internet address aa.bb.cc.dd
- The Cisco 1721 is on a LAN at 192.168.1.200 and the ISP router at 192.168.1.254
- The ISP's router has a static IP and we have a NAT/PAT for UDP/TCP