IPSec Phase 2 local network & access from LAN
A bit of an experienced newb here.
We are establishing an IPSec connection with a customer. In short, I was only able to get P2 to come up when I used the WAN IP as the local network/address. Our WAN IP is used as part of the authentication process, it would seem (NO_PROPOSAL_CHOSEN was the error when I had our LAN as the local network).
What this seems to mean in practice is that I can ping their network from WAN (traffic shows up in the IPSec status), but not from a computer on my LAN. How do I establish the connection between WAN/LAN so that I can pass traffic from LAN to the customer network?
When setting up our inter-office IPSec tunnels this wasn't a problem because we're able to choose our local/remote network IPs. Our customer is so large that they don't have that luxury.
I am a flipping idiot. ;-)
If I put the WAN IP as the NAT/BINAT address and then LAN as the local network, it worked. P2 still works and traffic flows from LAN to our customer network.
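The reason the second post's fix works is that the customer's Phase 2 policy only accepts our WAN /32 as the local traffic selector, so anything entering the tunnel has to carry that source address; the NAT/BINAT address translates LAN sources to the WAN IP before the selector match, and translates replies back. The following model is an added illustration, not the poster's configuration or any vendor's code; all addresses are constructed from documentation ranges, and the selector check, NAT table and reply path are simplified stand-ins for the firewall's SPD and state table.

```python
"""Model of this thread's situation: the customer's responder only accepts our
WAN /32 as the local traffic selector, so LAN sources must be translated to the
WAN IP before they reach the Phase 2 check. Constructed example, not router
firmware; every address below is from a documentation range."""
from ipaddress import ip_address, ip_network

# Constructed addresses standing in for the poster's networks.
OUR_LAN = ip_network("192.168.10.0/24")
OUR_WAN_IP = "203.0.113.5"
CUSTOMER_NET = ip_network("198.51.100.0/24")

# The customer's Phase 2 policy: the remote (our) selector must be our WAN /32.
PEER_ACCEPTS_OUR_SIDE = ip_network("203.0.113.5/32")


def phase2_selector_check(proposed_local, peer_accepts=PEER_ACCEPTS_OUR_SIDE):
    """Responder-side traffic-selector check. Returns the accepted selector, or
    None, which stands for the NO_PROPOSAL_CHOSEN notification the poster saw."""
    proposed = ip_network(proposed_local)
    return proposed if proposed.subnet_of(peer_accepts) else None


class OutboundNat:
    """Stateful source NAT applied before the tunnel's selector match, the role
    the NAT/BINAT address plays in the Phase 2 entry. Packets are tuples
    (src_ip, src_port, dst_ip, dst_port)."""

    def __init__(self, inside_net, outside_ip, remote_net):
        self.inside_net = inside_net
        self.outside_ip = outside_ip
        self.remote_net = remote_net
        self.table = {}          # (remote_ip, remote_port, nat_port) -> (lan_ip, lan_port)
        self.next_port = 40000   # constructed ephemeral range

    def outbound(self, pkt):
        src, sport, dst, dport = pkt
        if ip_address(src) in self.inside_net and ip_address(dst) in self.remote_net:
            nat_port, self.next_port = self.next_port, self.next_port + 1
            self.table[(dst, dport, nat_port)] = (src, sport)
            return (self.outside_ip, nat_port, dst, dport)
        return pkt   # not tunnel-bound: leave untouched

    def inbound(self, pkt):
        src, sport, dst, dport = pkt
        mapping = self.table.get((src, sport, dport))
        if dst == self.outside_ip and mapping:
            lan_ip, lan_port = mapping
            return (src, sport, lan_ip, lan_port)
        return pkt


def tunnel_carries(pkt, local_sel, remote_sel):
    """The policy check on our side: a packet enters the tunnel only if it
    matches the Phase 2 selectors that were actually negotiated."""
    src, _, dst, _ = pkt
    return ip_address(src) in local_sel and ip_address(dst) in remote_sel


def lan_to_customer(pkt, nat=None):
    """Trace a LAN packet towards the customer with or without NAT in front of
    the Phase 2 selectors, then trace the customer's reply back."""
    negotiated_local = phase2_selector_check(OUR_WAN_IP + "/32")
    on_wire = nat.outbound(pkt) if nat else pkt
    carried = tunnel_carries(on_wire, negotiated_local, CUSTOMER_NET)
    reply_to = None
    if carried:
        src, sport, dst, dport = on_wire
        reply = (dst, dport, src, sport)           # customer answers the translated source
        reply = nat.inbound(reply) if nat else reply
        reply_to = reply[2]
    return {"carried": carried, "on_wire_src": on_wire[0], "reply_to": reply_to}


if __name__ == "__main__":
    ping = ("192.168.10.20", 50000, "198.51.100.8", 443)   # constructed LAN host -> customer
    print("LAN as local network:", phase2_selector_check("192.168.10.0/24"))
    print("WAN/32 as local network:", phase2_selector_check("203.0.113.5/32"))
    print("no NAT:", lan_to_customer(ping))
    nat = OutboundNat(OUR_LAN, OUR_WAN_IP, CUSTOMER_NET)
    print("with NAT/BINAT:", lan_to_customer(ping, nat))
```

Run as a script, the first check returns None for the LAN /24 (the NO_PROPOSAL_CHOSEN case) and the WAN /32 for the working proposal; the untranslated LAN packet is not carried by the tunnel, which is the "ping works from WAN but not from LAN" symptom, while the translated one is carried and its reply is mapped back to the LAN host. A real firewall also has to apply the translation before its IPsec policy lookup, which is exactly what the NAT/BINAT field in the Phase 2 entry arranges.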