Hi Experts,
When using NAT-T, we're using Private address in the "match identity address" command. If we replace this private IP with the Public IP (1.2.3.4), the tunnel doesn't come up.
Can someone please assist how NAT-T working in the match identity address statements. Thanks in advance
Configs
====
Hub-Router #
crypto keyring OUR_KEYRING
pre-shared-key address 1.2.3.4 key <key>
crypto isakmp profile PROFILE_NAME
vrf TEST
keyring OUR_KEYRING
match identity address 10.0.0.1 255.255.255.255
crypto map OUR_MAP ipsec-isakmp
set peer 1.2.3.4
set isakmp-profile PROFILE_NAME
Cheers,
Sri