03-03-2009 12:29 PM - edited 02-21-2020 04:10 PM
I have been trying it for a couple of days and couldn't make it to work. The diagram and configuration is in the attachment.
Show crypto isakmp profile: QM idle on both sides.
Show crypto ipsec profile: NO ipsec profile established on both sides.
Show ip nhrp (on hub side): Nothing is registered at all. Blank.
Any ideas???
Thanks!
Difan
Solved! Go to Solution.
03-03-2009 02:42 PM
As long as the HUB has a static nat translation this should work, try setting your transform set to mode Transport rather than tunnel on both spoke and hub, shut your tunnel on the hub and spoke and then turn it back on, does that make a difference?
03-03-2009 02:42 PM
As long as the HUB has a static nat translation this should work, try setting your transform set to mode Transport rather than tunnel on both spoke and hub, shut your tunnel on the hub and spoke and then turn it back on, does that make a difference?
03-03-2009 07:22 PM
I will give it a try tomorrow. However if I didn't remember it wrong, tunnel mode is the one which can work with NAT???
03-04-2009 06:54 AM
Nope, tunnel mode is encapsulating the whole ip packet into a new packet thefore changing the proxy id's when the traffic comes to the hub the proxy id's will not remain as how it expect them.
03-06-2009 10:22 AM
Thanks man! It worked!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide