Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
953
Views
0
Helpful
3
Replies

Site to Site VPN b/w two devices behind the nat devices

sampath9614
Level 1
Level 1

‎07-18-2018 05:53 AM - edited ‎07-24-2018 09:12 AM

I am trying to bring up the S2S tunnel between a Cisco 4331 router and a PF Sense firewall.

router (192.168.5.2) --> ISP Modem(x.x.x.x) <--> Internet <--> ISP Modem (y.y.y.y)--> PF Sense firewall (172.16.10.1)

 

Both parameters are equal at both ends, cross verified a few times.

Any thing needs to be added when configuring these type of scenarios?

 

Following is the debugs received from the router also contains config.

 

 

Labels:
Preview file
27 KB
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎07-18-2018 10:52 AM

Hi, so I assume you are port forwarding on the ISP modems?
Are you forwarding UDP 500 and 4500?
0 Helpful

sampath9614
Level 1
Level 1
In response to Rob Ingram

‎07-18-2018 09:32 PM

Its a static nat in the ISP modem at both ends.

0 Helpful

mdussana
Level 1
Level 1

‎07-24-2018 07:05 AM

I would verify that the PF Sense firewall is receiving the authentication exchange message on port UDP 4500 with a capture. The router keeps retransmitting because it does not hear back from the firewall.

0 Helpful
Customers Also Viewed These Support Documents