Hi Checkmates!
Setting up an S2S VPN, I've run into the following curious situation.
A VPN required me to hide the LAN behind a public IP on our range.
So I set up the VPN and instead of using the local gateway's encryption domain I select user-defined, and create a group with just the public IP that will be my local encryption domain.
I check all my settings, access rules, NAT rules, and after being sure I start generating traffic.
But the traffic never matches the VPN rule; it goes straight to clean-up.
I assume this means that the gateway is not considering the traffic as interesting for the VPN.
I change the encryption domain on the community back to the local gateway (which also includes the Net Range of the LAN) and the rule starts matching and VPN forms.
My question(s) are:
Does the match for interesting traffic on VPN occur pre-NAT?
Could it be a bug with user-defined enc-dom?
Using R80.40 JHF120.
Juan
Thanks!