VPNs to GCP using IKEv1 when your Cisco router is behind NAT

Date: September 6, 2019Author: J5 0 Comments

Tried my first VPN to GCP and didn’t have much luck with IKEv1. While it did detect the remote router being behind NAT, Phase1 wouldn’t come up due to an ID mismatch:

received NAT-T (RFC 3947) vendor ID
remote host is behind NAT
IDir '192.168.1.123' does not match to '203.0.113.222'

Where 192.168.1.123 is the Real private IP of the router and 203.0.113.222 is the public NAT IP.

See also the same configuration with IKEv2.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

	Liam on Words of caution deploying the…
	Mot on F5 to ADFS 2016 SSL/TLS handsh…
	Scott Swanson on Activating Throughput License…
	Useful links for Obs… on Upgrading from Rancid 2.3.8 to…
	J5 on Wimpy Buffers on Cisco 3750/35…

Share this:

Like this:

Related

Leave a Reply Cancel reply