Beginner

Site to Site VPN b/w two devices behind the nat devices

I am trying to bring up the S2S tunnel between a Cisco 4331 router and a PF Sense firewall.

router (192.168.5.2) --> ISP Modem(x.x.x.x) <--> Internet <--> ISP Modem (y.y.y.y)--> PF Sense firewall (172.16.10.1)

 

Both parameters are equal at both ends, cross-verified a few times.

Does anything need to be added when configuring this type of scenario?

The following are the debugs received from the router, which also contain the config.

3 REPLIES
RJI (VIP Advisor)

Re: Site to Site VPN b/w two devices behind the nat devices

Hi, so I assume you are port forwarding on the ISP modems?
Are you forwarding UDP 500 and 4500?
Beginner

Re: Site to Site VPN b/w two devices behind the nat devices

It's a static NAT in the ISP modem at both ends.

Beginner

Re: Site to Site VPN b/w two devices behind the nat devices

I would verify that the PF Sense firewall is receiving the authentication exchange message on port UDP 4500 with a capture. The router keeps retransmitting because it does not hear back from the firewall.
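
The capture check suggested above, sketched as an added example that is not part of the original thread: it classifies UDP payloads taken from a capture on ports 500 and 4500 (NAT keepalive, UDP-encapsulated ESP, or IKE behind the non-ESP marker) and reports which IKE exchange is being retransmitted with nothing coming back. The function names and the sample packets are constructed for illustration; the thread does not say whether the tunnel uses IKEv1 or IKEv2, so both header types are decoded.

```python
import struct

# (major version, exchange type) -> name, per RFC 2408/2409 (IKEv1) and RFC 7296 (IKEv2)
EXCHANGES = {(1, 2): "IKEv1 Main Mode", (1, 4): "IKEv1 Aggressive Mode",
             (1, 5): "IKEv1 Informational", (1, 32): "IKEv1 Quick Mode",
             (2, 34): "IKE_SA_INIT", (2, 35): "IKE_AUTH",
             (2, 36): "CREATE_CHILD_SA", (2, 37): "INFORMATIONAL"}

def classify(payload, natt):
    """Classify one UDP payload; natt=True means it was seen on UDP 4500."""
    if natt:
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}             # RFC 3948 keepalive
        if len(payload) < 4:
            return {"kind": "malformed"}
        if payload[:4] != b"\x00" * 4:
            return {"kind": "esp", "spi": payload[:4].hex()}  # UDP-encapsulated ESP
        payload = payload[4:]                             # strip the non-ESP marker
    if len(payload) < 28:
        return {"kind": "malformed"}
    ispi, _rspi, _np, ver, xchg, flags, msgid, _len = struct.unpack(
        "!8s8sBBBBII", payload[:28])
    major = ver >> 4
    return {"kind": "ike", "exchange": EXCHANGES.get((major, xchg), f"unknown({xchg})"),
            "response": bool(flags & 0x20) if major == 2 else None,
            "msgid": msgid, "ispi": ispi.hex()}

def silent_exchanges(capture):
    """capture: (direction, natt, payload) tuples; direction is 'out' or 'in'
    relative to the capture point. Returns the (exchange, port) pairs that were
    sent more than once while nothing of that kind was received."""
    stats = {}
    for direction, natt, payload in capture:
        info = classify(payload, natt)
        if info["kind"] == "ike":
            key = (info["exchange"], "udp/4500" if natt else "udp/500")
            stats.setdefault(key, {"out": 0, "in": 0})[direction] += 1
    return [k for k, v in stats.items() if v["out"] > 1 and v["in"] == 0]

def _ike(xchg, flags, msgid, natt, ver=0x20):
    """Build a constructed, header-only IKE message for the sample below."""
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8, 0, ver, xchg, flags, msgid, 28)
    return (b"\x00" * 4 if natt else b"") + hdr

# Constructed sample: IKE_SA_INIT completes on UDP 500, IKE_AUTH on 4500 is never answered.
SAMPLE = [("out", False, _ike(34, 0x08, 0, False)), ("in", False, _ike(34, 0x20, 0, False)),
          ("out", True, _ike(35, 0x08, 1, True)), ("out", True, _ike(35, 0x08, 1, True)),
          ("out", True, _ike(35, 0x08, 1, True)), ("out", True, b"\xff")]

if __name__ == "__main__":
    print(silent_exchanges(SAMPLE))
```

Running the same summary over captures from both ends shows whether the UDP 4500 packets are lost at a modem or arrive and go unanswered.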