L2L VPN tunnel. The Check Point on the other end is doing deep packet inspection (using SmartDefense) and determining that the traffic is not being NATed correctly, therefore blocking the outbound traffic because it might be a reverse route poisoning attack.
I.e.:
1: SYN packet shows tunnel IP address and destination. Packet passes through OK.
2: ACK packet shows return IP tunnel destination AND internal un-NAT'd IP destination (a non-routable 192.168.x.x) and denies the outbound packet because it doesn't match up against a trusted IP.
How do I get my 3005 concentrator to NAT the internal IP correctly?