Hi. I have a question regarding this document from Cisco.com about creating dynamic crypto maps.
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/14131-ios-804.html
in this document, our private IP addresses are 10.1.1.0/24 and 10.2.2.0/24 and they configure NAT in such a way that the traffic to/from these IP addresses don't affected by NAT. my question is about NAT. I mean how do the border routers (sam-i-am and dr_whoovie) know about another network private IP address? for example, "sam-i-am" router gets traffic from local client destined to 10.1.1.0/24 that is another sites's private IP address. without any routing enabled on router or tunnel interfaces, how can this traffic be routed to "dr_whoovie" router? I think this document shows just portion of the whole config, otherwise it is impossible for the test ping at the end of the document to be successful.