VPN tunnel will not work in your scenario. Second nat change address and ports that you wanted to use for vpn tunnel. So the port 500 wil be translated for higher port and will be rejected in HQ.
The VPN-tunnel I want to use is IPSec with NAT-T (have to, because of at least 1 NAT-device) from a PIX to a CIsco VPN Concentrator.
I think, though, that I've already gotten my answer in that it won't work.
Because of the PAT _and_ NAT, the port-translations and info that reaches the CVPN will all be screwed up.
Doing port-forwarding on the PAT-router is not going to be the best solution.
I've just had a talk with a technician of the networkoperator, and he confirmed that it will not work. They can do something to eliminate 1 of the NAT/PAT-devices, so I think that's the way to go.
Users browsing this forum: No registered users and 2 guests