06-25-2008 07:43 PM
06-25-2008 07:46 PM
I don't know if you missed this answer provided by Stefan and Jerrish on one of the aliases:
You can use one or multiple SAs with NATing. The SAs need to match regardless of NAT or not NAT. If you NAT on a ScreenOS device, then your SA on the far-end third-party gateway must anticipate this and use a different ACL. There is an example of how to do this in the ScreenOS Cookbook in chapter 8.19 "Configuring NAT with Policy Based VPN".
Also, the link to configure route-based VPN on Cisco IOS routers. The proxy-id on the Cisco device also defaults to 0/0 with route-based VPN: http://www.ciscoblog.com/archives/2006/08/vpn_virt