Need help getting this VPN set-up to work.
Left-hand. EC2:
- eth0: 10.0.0.100 / EIP=1.1.1.1 (i.e. NAT'd IP)
- eth1: 10.0.0.200 / EIP=2.2.2.2
- Peer ip/leftid: 1.1.1.1
Right-hand. Cisco:
- Peer ip: 3.3.3.3
- Peer host/rightsubnet: 3.3.3.30/32 (Public NAT'd ip)
Cisco ACL:
permit ip host 3.3.3.30/32 host 2.2.2.2 (LH eth1)
- Tunnel is UP because outbound ping/telnet packets to 3.3.3.30 are going through the tunnel, but not replying/routing back.
- Do I need to set up SNAT, DNAT, or masquerade in iptables?
Basically the goal is for LH to reach Peer host using Public NAT'd IPs.
Any helpful tips are appreciated.
Best Answer
Sharing my findings that solved my own issue, which could be useful for some.
The ipsec.conf param leftsourceip saved the day! :)
No iptables NAT required for my case at least.
Here's the fully working ipsec.conf
Hope this is helpful to others who hit a similar issue.
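To make the point of the answer concrete, here is an added example (not part of the original question or answer, and not the poster's actual ipsec.conf, which is not shown). It embeds a constructed strongSwan-style conn using the addresses from the thread and checks the one thing that breaks return traffic in this kind of NAT'd EC2 setup: the inner source address of packets entering the tunnel must fall inside leftsubnet and inside what the Cisco crypto ACL accepts (host 2.2.2.2). The instance address 10.0.0.200, the ACL-derived network 2.2.2.2/32 and the sample conn are assumptions for the demonstration.

```python
"""Check which inner source address tunneled packets will carry.

Added example, not code from the original thread. A constructed ipsec.conf
(conn "cisco") built from the thread's addresses is embedded below.
"""
import ipaddress
from typing import Dict

# Constructed sample conn in strongSwan ipsec.conf syntax (assumption: the
# poster's real file is not on the page). Only keys relevant to the check.
SAMPLE_CONF = """\
config setup

conn cisco
    keyexchange=ikev1
    left=%defaultroute
    leftid=1.1.1.1
    leftsubnet=2.2.2.2/32
    right=3.3.3.3
    rightsubnet=3.3.3.30/32
    auto=start
"""

# Address actually configured on eth1 inside the instance; the EIP 2.2.2.2 is
# NAT'd by AWS and never appears on the interface (assumption from the thread).
INSTANCE_ADDR = "10.0.0.200"
# Remote host the Cisco ACL accepts ("permit ip host 3.3.3.30 host 2.2.2.2").
PEER_EXPECTED_REMOTE = "2.2.2.2/32"


def parse_ipsec_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse 'conn <name>' sections made of indented key=value lines."""
    conns: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # section header at column 0
            parts = line.split(None, 1)
            if parts[0] == "conn" and len(parts) == 2:
                current = conns.setdefault(parts[1].strip(), {})
            else:
                current = None                 # 'config setup' etc. ignored
            continue
        if current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def effective_inner_source(conn: Dict[str, str], instance_addr: str) -> str:
    """Inner source address the kernel puts on packets entering the tunnel.

    With an explicit leftsourceip, strongSwan installs that address locally
    and sends traffic for rightsubnet from it; otherwise the interface's own
    address (here the private 10.0.0.200) is used.
    """
    src = conn.get("leftsourceip")
    if src and not src.startswith("%"):        # %config etc. are peer-assigned
        return src
    return instance_addr


def check_conn(conn: Dict[str, str], instance_addr: str,
               peer_expected_remote: str) -> Dict[str, object]:
    """Report whether the inner source matches leftsubnet and the peer ACL."""
    src = ipaddress.ip_address(effective_inner_source(conn, instance_addr))
    leftsubnet = ipaddress.ip_network(
        conn.get("leftsubnet", f"{instance_addr}/32"), strict=False)
    peer_net = ipaddress.ip_network(peer_expected_remote)
    return {
        "inner_source": str(src),
        "in_leftsubnet": src in leftsubnet,
        "accepted_by_peer_acl": src in peer_net,
    }


def compare_with_leftsourceip(conf_text: str, conn_name: str,
                              source_ip: str) -> Dict[str, Dict[str, object]]:
    """Run the check on the conn as written and again with leftsourceip set."""
    conn = parse_ipsec_conf(conf_text)[conn_name]
    fixed = dict(conn, leftsourceip=source_ip)
    return {
        "without_leftsourceip": check_conn(conn, INSTANCE_ADDR, PEER_EXPECTED_REMOTE),
        "with_leftsourceip": check_conn(fixed, INSTANCE_ADDR, PEER_EXPECTED_REMOTE),
    }


if __name__ == "__main__":
    for label, result in compare_with_leftsourceip(SAMPLE_CONF, "cisco", "2.2.2.2").items():
        print(label, result)
```

Without leftsourceip the packets leave the instance with inner source 10.0.0.200, which neither leftsubnet=2.2.2.2/32 nor the Cisco ACL covers, so the far side has nothing to send a reply back to; with leftsourceip=2.2.2.2 the inner source matches both, which is why no iptables NAT rule was needed.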