I use a CVPN3000 behind a PIX Firewall (the Public interface is statically 'NATed').
I try to establish a VPN session via Internet using a Cisco VPN Client : I indicate the NATed IP address of the CVPN3000 as the VPN Server.
I have this error message :
7 18:03:11.149 05/18/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = <real ip @ of the CVPN3000 public interface>
8 18:03:11.149 05/18/05 Sev=Warning/2 IKE/0xE3000099
Packet is received from unknown peer (IKE_MAIN:286)
15 18:03:23.497 05/18/05 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=E42AAB6B9A8892B4 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
So the reason is that the CVPN3000 respond to the IKE Nego using its real IP @.
What is the solution?
PS : I have to keep the real address and do NAT because I have other VPN connections using this real address.