Firewall A---------Internet--------------Firewall B
IPSec negotiation was successful, but services were interrupted.
An intermediate device translated the source address of IPSec service data, but not that of negotiation packets, causing the communication failure.
1. (Recommended) Both sides use public IP addresses. Therefore, NAT is unnecessary. Disable the NAT on the intermediate device to resolve the problem.
2. Configure the intermediate NAT device to translate the source IP address of IKE negotiation packets, too.