I've got a bit of a problem here and I'm having trouble putting my finger on it. So I labbed it up, but am still unable to get it to work. I have a client that is working with a DMVPN setup that also has remote workers that VPN in with Cisco's Unity Client. They are slowly migrating to a PKI in order to get away from PSKs on all their tunnels and such. The DMVPN tunnels are working fine with this config (as expected). The Unity Clients, however, are failing to obtain an IP address. The debugs on the router indicate that the router does not have an IP to give. The client debugs indicate that it's just not receiving a private IP. I don't get it? My ISAKMP client group references a valid pool? Unity Clients will only grab an IP when the following command is added:
crypto isakmp client configuration address-pool local UNITY_CLIENTS_ADDRESS_POOL
But that won't suffice as split-tunnel ACLs, DNS, WINS, and such are not pushed to the client in this way. Anyone have any thoughts? See the config snippet attached below for more info...