0

I'm trying to make a site-to-site IPsec VPN tunnel between a Cisco SA520 on my end and a Cisco enterprise device of the network I am connecting to. I am able to configure the device and get a tunnel established; however, I am unable to send any traffic from my system to any machine in the other network over the tunnel.

I checked the logs and it said:

NAT-D not enabled

So I set up an alias for my WAN interface and also put in a firewall rule that will show the alias as my external IP and push all LAN traffic from the router over the tunnel. However, when I ping the remote machine (the device in the other network which I am VPN'ing into) I get no response, but I do see the Tx and Rx going over the tunnel. Also, it still says NAT-D not enabled.

Am I missing something here? Do I need a VPN client on my machine to connect to my SA520 in order to send traffic over the tunnel, or is just having the system on the local LAN sufficient?

user1266369
  • 29
  • 1
  • 4

1 Answer

1

You are making a site-to-site VPN, so there is no need for a client. You have to exempt your VPN traffic from NATing on the outside interface; you can do this by configuring NAT exemption and defining your local network as the source and the remote network as the destination. If you provide more details on the network design and the device on the other end, that will be helpful.

Mr.lock
  • 217
  • 1
  • 7
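To make the NAT exemption in the answer above concrete, here is an added configuration example that is not from either poster. It assumes the enterprise end is a Cisco ASA running 8.3 or later (the SA520 itself is configured through its web GUI, so this is only the shape of the rule, not that device's syntax), and the subnets 192.168.10.0/24 (local) and 10.20.0.0/16 (remote) and the object names are constructed placeholders. The point it shows is that the twice-NAT identity rule is evaluated before the dynamic PAT rule, so VPN-bound traffic keeps its real source address and still matches the crypto ACL, while everything else is still PATed to the outside interface.

```cisco
! Constructed example (not from the thread): ASA 8.3+ syntax, placeholder subnets
object network LOCAL-LAN
 subnet 192.168.10.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.20.0.0 255.255.0.0

! NAT exemption as a twice-NAT identity rule (section 1, checked first):
! LOCAL-LAN -> REMOTE-LAN keeps its real source and destination addresses
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup

! Dynamic PAT for all other traffic leaving inside (section 2, checked after)
object network LOCAL-LAN
 nat (inside,outside) dynamic interface

! The crypto ACL must be written in terms of the same real (un-NATed) addresses
access-list VPN-TRAFFIC extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0

! Checks: confirm the exemption is hit and that a ping would be sent through the tunnel
! show nat
! packet-tracer input inside icmp 192.168.10.5 8 0 10.20.0.7
```

In `show nat`, the translate hit counter on the identity rule should increase as you ping; in the `packet-tracer` output, the NAT phase should show the identity rule and the VPN phase should show the packet being encrypted, and the packet should be allowed at the end. On ASA versions before 8.3 the same exemption is written as an access list of local-to-remote traffic applied with `nat (inside) 0 access-list <name>`. Whatever the platform, the symptom in the question (counters moving on the tunnel but no replies) is what you see when the exemption is missing on one side, since the remote end then receives or answers to the public address rather than the real LAN address, so check the NAT exemption on both ends, not just your own.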