
Site-to-Site VPN between two devices behind NAT devices

sampath9614
Level 1

I am trying to bring up the S2S tunnel between a Cisco 4331 router and a PF Sense firewall.

router (192.168.5.2) --> ISP Modem(x.x.x.x) <--> Internet <--> ISP Modem (y.y.y.y)--> PF Sense firewall (172.16.10.1)

 

Both parameters are equal at both ends, cross verified a few times.

Does anything need to be added when configuring this type of scenario?

 

Following are the debugs received from the router; they also contain the config.

 

 


Hi, so I assume you are port forwarding on the ISP modems?
Are you forwarding UDP 500 and 4500?

It's a static NAT in the ISP modem at both ends.

mdussana
Level 1

I would verify that the PF Sense firewall is receiving the authentication exchange message on port UDP 4500 with a capture. The router keeps retransmitting because it does not hear back from the firewall.
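
The capture check suggested in the reply above, as an added example that is not part of the thread: it classifies UDP 500/4500 payloads from a capture and reports IKE requests that were never answered. It assumes IKEv2 and that the UDP payloads have already been extracted from the capture; the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: four zero bytes precede IKE on UDP 4500
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
HEADER = struct.Struct("!8s8sBBBBII")   # IKE header, 28 bytes (RFC 7296 section 3.1)

def parse_ike(ike_port, payload):
    """Parse one UDP payload; ike_port is whichever side of the flow is 500 or 4500.
    Returns a dict for an IKEv2 message, None for keepalives, ESP-in-UDP or junk."""
    if ike_port == 4500:
        if payload[:4] != NON_ESP_MARKER:   # 0xff keepalive or UDP-encapsulated ESP
            return None
        payload = payload[4:]
    if len(payload) < HEADER.size:
        return None
    ispi, _rspi, _next, version, exch, flags, msgid, _length = HEADER.unpack_from(payload)
    if version >> 4 != 2:                   # assumption: the tunnel uses IKEv2
        return None
    return {"ispi": ispi, "exchange": EXCHANGES.get(exch, str(exch)),
            "msgid": msgid, "response": bool(flags & 0x20)}

def unanswered(packets):
    """packets: iterable of (ike_port, udp_payload) in capture order.
    Returns {(exchange, msgid): times_seen} for requests that never got a response."""
    seen, answered = Counter(), set()
    for ike_port, payload in packets:
        msg = parse_ike(ike_port, payload)
        if msg is None:
            continue
        key = (msg["ispi"], msg["exchange"], msg["msgid"])
        if msg["response"]:
            answered.add(key)
        else:
            seen[key] += 1
    return {(k[1], k[2]): n for k, n in seen.items() if k not in answered}

def build_header(exch, flags, msgid, natt, rspi=b"R" * 8):
    """Build a constructed, header-only IKEv2 message for the sample below."""
    hdr = HEADER.pack(b"I" * 8, rspi, 0, 0x20, exch, flags, msgid, HEADER.size)
    return (NON_ESP_MARKER if natt else b"") + hdr

# Constructed capture: SA_INIT completes on 500, IKE_AUTH is retransmitted on 4500.
SAMPLE = [(500, build_header(34, 0x08, 0, False, rspi=b"\x00" * 8)),
          (500, build_header(34, 0x20, 0, False)),
          (4500, b"\xff")] + [(4500, build_header(35, 0x08, 1, True))] * 3

if __name__ == "__main__":
    print(unanswered(SAMPLE))
```

Run against a capture taken on the firewall side, an unanswered IKE_AUTH entry means the request arrived on UDP 4500 and got no reply; no IKE_AUTH entry at all means the request never reached the firewall.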
