We need to do host-mode IPSEC out of AWS to a company in the DC/VA area that
is on L3; AWS apparently will only do network mode IPSEC, and they won't take
that, so we'll need to hop.
Anyone got a VPS provider in that area they like so we can set up the

'will only do network mode' .... because the VM you run in AWS can't
do IPSEC to your PIX?

Pick your problem:
AWS's productized IPSEC VPC gateway won't do host-mode, or so I am told, and
Our customer won't do network mode, and
Our customer also won't accept IPSEC traffic that's been NATted, so we can't do
it from an AWS host 'cause EIPs are NATted; there is, TTBOMK, *no* way to get a
non-NATted IP on an EC2/VPC host.