Solution for distinguishing IPsec traffic from NAT traffic

Publication Date: 2012-07-27
Issue Description
The two private LANs cannot reach each other through the IPsec tunnel, although the tunnel is already established.
Handling Process
Change the ACL configuration to distinguish traffic destined for the other LAN from traffic destined for the Internet.
Root Cause
When a packet goes out through NAT, its source IP address is translated. When the destination host receives the packet, it does not know the exact IP address of the source host, so the source host cannot get the reply packet. By changing the ACL configuration, we can distinguish the traffic of the two applications, so that both work correctly.
Suggestions
This case provides a solution for distinguishing IPsec traffic from NAT traffic: the two private LANs can reach each other through the IPsec tunnel and access Internet resources via NAT.
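The ACL separation described above can be checked with a small model. This is an added example, not configuration from the original case: the subnets, the public address, and the rule that the NAT ACL is evaluated before the IPsec ACL on egress are all assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not taken from the original case).
LOCAL_LAN = ip.ip_network("192.168.1.0/24")
REMOTE_LAN = ip.ip_network("192.168.2.0/24")
ANY = ip.ip_network("0.0.0.0/0")
PUBLIC_IP = ip.ip_address("203.0.113.10")  # NAT outside address (documentation range)

def first_match(acl, src, dst):
    """Return the action of the first rule matching (src, dst); implicit deny."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def egress(src, dst, nat_acl, ipsec_acl):
    """Assumed egress order: NAT ACL first, then the IPsec ACL on the result."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    translated = first_match(nat_acl, src, dst) == "permit"
    if translated:
        src = PUBLIC_IP  # source is rewritten before the IPsec ACL sees it
    protected = first_match(ipsec_acl, src, dst) == "permit"
    if protected:
        path = "ipsec"
    elif translated:
        path = "nat"
    else:
        path = "routed"
    return path, str(src)

# IPsec ACL: only LAN-to-LAN traffic is protected by the tunnel.
IPSEC_ACL = [("permit", LOCAL_LAN, REMOTE_LAN)]
# Broken NAT ACL: translates everything, including traffic meant for the tunnel.
NAT_ACL_BROKEN = [("permit", LOCAL_LAN, ANY)]
# Fixed NAT ACL: exempt traffic to the remote LAN, translate the rest.
NAT_ACL_FIXED = [("deny", LOCAL_LAN, REMOTE_LAN), ("permit", LOCAL_LAN, ANY)]

def demo():
    flows = [("192.168.1.20", "192.168.2.30"), ("192.168.1.20", "198.51.100.7")]
    return {name: [egress(s, d, acl, IPSEC_ACL) for s, d in flows]
            for name, acl in (("broken", NAT_ACL_BROKEN), ("fixed", NAT_ACL_FIXED))}

if __name__ == "__main__":
    for name, results in demo().items():
        print(name, results)
```

With the broken NAT ACL, the LAN-to-LAN flow leaves with the translated source and never matches the IPsec ACL; with the deny rule placed first, it keeps its private source and enters the tunnel while Internet traffic is still translated.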
