I have a gateway with several VPNs on it. Some go via the Internet, and some are routed internally via MPLS lines. These all work fine. Now I'm trying to set up a new site-to-site VPN and it isn't working.
Here's what I'm trying to do:
So my peer IP is a DMZ interface - 188.8.131.52.
I'm VPNing to remote peer IP 192.168.145.10.
On the firewall I'm routing 192.168.145.0/24 via 184.108.40.206.
Firewall-A> show route destination 192.168.145.10
Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA),
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
U - Unreachable, i - Inactive
S 192.168.145.0/24 via 220.127.116.11, eth2.105, cost 0, age 279519
I have an existing VPN set up in the same way via a different DMZ interface and that works fine - although I'm reminded that we had exactly the same problem when setting that up, and I fixed it on my side. I just can't remember what I did to fix it, hence asking for help!
The problem is that the remote side is seeing me coming from the gateway's public "main IP", shown as A.A.A.A on the diagram. In Ikeview I see IPs 192.168.145.10 and 18.104.22.168 in packets 1 to 5, then in packet 6 I'm sending my public A.A.A.A IP to the remote peer. I don't understand why.
On my gateway I've got VPN link selection set as follows, using the routing table, which is correct.
I can't really alter this, otherwise existing VPNs will stop working.
Does anyone know what else I need to do to stop P1 Packet 6 sending my A.A.A.A IP instead of the correct 22.214.171.124 IP?