Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,I'm looking for some guidance on how to get a Cisco 2801, that sits behind a Cisco ASA5510 firewall, setup for ipsec tunneling capabilities to an Amazon VPC\VPN. The basic network flow is external to internal ciscoasa5510-->cisco6509-->cisco280...
Mike,10.12.45.254 is the inside interface of our 2801 and the 72.21.209.225 is the Gateway device on Amazon's end.Amazon's VPC setup requires BGP peering and creates a IPSEC tunnel for the VPN.After doing much troubleshooting and digging I discovered...
Anu,I have figured out what the hang up is. It appears that Amazon VPC doesn't support a customer Gatway device setup behind a NAT as they don't support NAT-T.I have moved the ISR outside of our firewall and gave it a public IP on a outside interface...
Anu,I have enabled it on the ASA5510 and from what I can tell and have read its enabled by default on the 2801 as its running a IOS later than 12.2(13)T or later. After making the change I'm still seeing the same regular translation creation failed f...
Anu,it appears that nat-t is not enabled on the ASA. My understanding is that enabeling it is global right? Since I have a L2L currently setup to between the ASA and another remote ASA will enabling Nat-T have any affect on that established tunnel?He...
