About birdperson

I've got a rather bizarre setup that I'm trying to integrate with a new customer using a vm-series 300 in AWS. I have setup and established an IPSEC tunnel  (that even comes up when we attempt to send traffic over the tunnel). Where it gets complicated is that their expectation is that we NAT all traffic using public IPs and send the traffic through the tunnel (I should mention that the other side is a Cisco ASA device).    I've attached a fairly simple diagram of the setup that's been proposed by the customer on the other side ( IP addresses changed for safety). To sum it up quickly:    * we have a tunnel established between 1.1.1.1 and 2.2.2.2, this tunnel comes up when I attempt to send traffic through it * I've routed both 3.3.3.3/32 (our side of the nat translation) and 4.4.4.4/30 (their side of the nat translation) into the tunnel interface * when i attempt to send traffic through the tunnel over port 443 (ex: curl https://10.0.0.2) from our server the tunnel comes up * i can also see in the traffic monitor that the NAT policy appears to be applying (I can see the 10.x addresses NAT'd to the 3.3.3.3 and 4.4.4.4) addresses respectively.  The customer is reporting that no traffic is coming through on their side. When I try to use the packet capture tool on our side and filter based on interface (tunnel.1 in this case), then try to send traffic, I don't see any packets. Is there anyway to verify that traffic is indeed flowing over the tunnel?    I could also have done something really wrong here, but I'd expect that if the tunnel comes up, some traffic is attempting to be sent.        ... View more

Hi All, pretty dumb question here. I've setup the VM-series in AWS and attached three interfaces to the box. The intention here is to setup NAT (due to overlapping IP space)  over a site-to-site VPN.   * management, I can get to this just fine and use the web console etc (call this 10.0.0.2/24) * "inside" attached to eth1/1, is connected to our private network ( call this 10.0.0.3/24) * "outside" attached to eth1/2, is connected to our public network in AWS and has an EIP associated (associated address is 10.1.0.2/24)   eth1/1 and eth1/2 are setup using DHCP in AWS, with eth1/2 having un-checked the " Automatically create default route to default gateway provided by server "  box.    The question is where/how does one configure the "public or outside" interface to reach the internet via the EIP? I can't seem to get traffic to flow out that interface (using the EIP) no matter what set of routes I put in place.     ... View more