I have been dealing with a Cisco company and they are just no help.
They have told my client to set up a site to site VPN from office to office.
They provided An IP to connect too.
And an IPSec password.
They provided no information about what goes in the tunnel.
To me that screamed l2tp or similar connection with IPSec encryption inside that connection.
So I requested a User and Pass to connect. This confounded them to no end. A few days later they explained that the connection was a site to site and not a l2tp connection.
They gave me an address to test the connection. But that address was a public IP???
Site to Site VPNs have always been for internal traffic.
The Cisco people made it very clear they don’t allow Local IP addresses in the connection.
Setting up a policy from my Local IPs to the WAN IP is torn down by the cisco end.
This got more and more weird.
They told me that they need the connection to come from my WAN address… ONCE AGAIN… SOUNDS LIKE A l2tp. They insist it isn’t.
So went to ipsec policies and wrote one that says
From my WAN
TO Some OTHER Public IP
My WAN
Their WAN
That passes phase 1 and phase 2.
I even get installed certificates.
There is no “interface” or “tunnel”.
So a masqueraded packet from my network that is sent to their WAN IP… Gets encrypted.
How do I get data back into my system so I can actually reach stuff???
Feeling so lost right now.