We need to have remote traffic come in as 10.2.2.x.
Main Site (3030)
IPSEC L2L config as follows: (Note: We are not NATing anything on our LAN)
Local: 10.10.0.x
Remote: 10.2.2.x
Remote Site (3005)
A L2L NAT rule was created as follows:
Local: 10.5.1.x
Translate: 10.2.2.x
Remote: 10.10.0.x
IPSEC L2L config:
Local: 10.2.2.x
Remote: 10.10.0.x
The initial Connection type was set to Originate Only on the 3005 and Bi-Directional on the 3030. We later changed to Bi-Directional on both ends. We have verified that the Pre-Shared key, IKE and authentication are correct. We are running into misconfiguration and Tunnel Reject errors:
Group [3005 IP]
PHASE 1 COMPLETED
User [3005 IP] Group [3005 IP] connected, Session Type: IPSec/LAN-to-LAN
LAN-to-LAN tunnel to headend device [3005 IP] connected
Group [3005 IP]
Received remote Proxy Host data in ID Payload:
Address 3005 IP, Protocol 0, Port 0
Group [3005 IP]
Received local Proxy Host data in ID Payload:
Address [3030 IP], Protocol 0, Port 0
Remote L2L Peer Originate Only? Possible misconfiguration!
Group [3005 IP]
Tunnel rejected: Policy not found for Src: [3005 IP], Dst: [3030 IP]!
QM FSM error (P2 struct &0x5de0468, mess id 0x42b7161c)!
Group [3005 IP]
Sending IKE Delete With Reason message: No
User [3005 IP] Group [3005 IP] disconnected: duration: 0:00:00
LAN-to-LAN tunnel to headend device [3005 IP] disconnected: duration: 0:00:00
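The log above records the Phase 2 identities the headend actually received ("Received remote/local Proxy Host data in ID Payload") right before the "Policy not found" rejection. A quick way to read such logs is to parse those ID payload lines and compare them with the networks the L2L policy on this side expects. The script below is an added diagnostic, not code from the original post or from Cisco: it assumes the two networks are /24s (the post only says 10.10.0.x and 10.2.2.x), replaces the bracketed "[3005 IP]"/"[3030 IP]" placeholders with RFC 5737 documentation addresses in a constructed copy of the log, and assumes the "Proxy Subnet ... Address X, Mask Y" line format for network identities (the "Proxy Host" lines follow the post verbatim).

```python
"""Compare the Phase 2 proxy IDs a VPN 3000 concentrator logged against the
networks its LAN-to-LAN policy expects (added example, not the poster's code)."""
import ipaddress
import re

# Constructed sample of the log from the post. Placeholders replaced with
# documentation addresses: 192.0.2.5 stands in for the 3005, 198.51.100.30 for
# the 3030. These are assumptions, not the real peer addresses.
SAMPLE_LOG = """\
Group [192.0.2.5]
PHASE 1 COMPLETED
Group [192.0.2.5]
Received remote Proxy Host data in ID Payload:
Address 192.0.2.5, Protocol 0, Port 0
Group [192.0.2.5]
Received local Proxy Host data in ID Payload:
Address 198.51.100.30, Protocol 0, Port 0
Remote L2L Peer Originate Only? Possible misconfiguration!
Group [192.0.2.5]
Tunnel rejected: Policy not found for Src: 192.0.2.5, Dst: 198.51.100.30!
"""

# "Proxy Host" matches the post; the "Proxy Subnet ... Mask" form is an assumed
# format for a network identity and is only used when such a line is present.
PROXY_RE = re.compile(
    r"Received (?P<side>remote|local) Proxy (?P<kind>Host|Subnet) data in ID Payload:\s*"
    r"Address (?P<addr>[\d.]+)(?:, Mask (?P<mask>[\d.]+))?, Protocol (?P<proto>\d+), Port (?P<port>\d+)"
)


def parse_proxy_ids(log):
    """Return {'remote': network, 'local': network} from the last ID payload lines.

    'remote' is the identity the peer claims for its own side, 'local' is what
    the peer claims our side is. A Host identity becomes a /32 network.
    """
    ids = {}
    for m in PROXY_RE.finditer(log):
        if m.group("kind") == "Subnet":
            net = ipaddress.ip_network(f"{m.group('addr')}/{m.group('mask')}", strict=False)
        else:
            net = ipaddress.ip_network(f"{m.group('addr')}/32")
        ids[m.group("side")] = net
    return ids


def check_phase2(ids, expected_local, expected_remote, our_ip, peer_ip):
    """Return a list of findings describing why the received IDs cannot match
    a policy of expected_local <-> expected_remote; empty list means they fit."""
    want = {"local": ipaddress.ip_network(expected_local),
            "remote": ipaddress.ip_network(expected_remote)}
    public = {"local": ipaddress.ip_network(f"{our_ip}/32"),
              "remote": ipaddress.ip_network(f"{peer_ip}/32")}
    owner = {"local": "our", "remote": "the peer's"}
    findings = []
    for side in ("local", "remote"):
        got = ids.get(side)
        if got is None:
            findings.append(f"{side}: no proxy ID in log")
        elif got == public[side]:
            # The tunnel endpoint address itself was offered as the protected
            # network: a host ID for the peer, not the LAN behind it.
            findings.append(f"{side}: peer used {owner[side]} public address {got} "
                            f"as the Phase 2 identity instead of {want[side]}")
        elif not got.subnet_of(want[side]):
            findings.append(f"{side}: proxy ID {got} is outside the policy network {want[side]}")
    return findings


def analyze(log, expected_local, expected_remote, our_ip, peer_ip):
    """Parse and check in one call; all arguments are plain strings."""
    return check_phase2(parse_proxy_ids(log), expected_local, expected_remote, our_ip, peer_ip)


if __name__ == "__main__":
    # Viewed from the 3030: local 10.10.0.0/24, remote 10.2.2.0/24 (assumed /24s).
    for line in analyze(SAMPLE_LOG, "10.10.0.0/24", "10.2.2.0/24", "198.51.100.30", "192.0.2.5"):
        print(line)
```

Run against the constructed log it reports that both identities are the tunnel endpoints' own addresses as /32 host IDs rather than the 10.10.0.x and 10.2.2.x networks, which is exactly the pair the headend then fails to find a policy for in the "Tunnel rejected" line. With subnet identities that match the policy the function returns no findings.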