OK, let me start off by saying that a couple of years ago I configured an EasyVPN server to operate with software clients, and those remain functional without issue. The EasyVPN server is a 2811-advsecurity (12.4.4T I think). At this point I am attempting to add an 851 router as an EasyVPN remote client. I have made no changes to the server except to allow the clients to save passwords.
Here's the gist of the network:
company LAN --> 2811 ---> ((Internet)) <--residential DSL <-- Linksys WRT54G3GST (using DSL but with 3G backup) <-- Cisco 851 Router
I can use Cisco soft VPN clients either connected to the Linksys router or behind the 851, so it would seem that the proper ports are open in the path. When I set up the 851 as an EasyVPN client and save the credentials on the router, it brings up the tunnel (as indicated in the log and by the LED on the device). I am able to ping hosts on the corporate network from the CLI, but I cannot reach them from hosts behind the 851, or from the 851's internal Vlan IP. Occasionally the tunnel will drop, and from the console I can see it attempting to reconnect. It eventually fails enough attempts and gives up, but then a couple of minutes later it retries and brings the tunnel back up right away. **This does not happen to our software clients in general.**
The 851 is configured to provide NAT for the devices behind it. Do I need to make some other provisions to get the 851 router to pass traffic from its clients through the tunnel? Maybe some sort of route-map to avoid NAT? This is where I'm lost. I don't see any packets denied from the CLI. I'm using the basic SDM-LOW firewall rules.
Also, a side note: It seems that even fresh out of the box the 851 cannot ping hosts on its internal VLAN. It can ping its own Vlan IP, and the routes appear to be in place, but it cannot ping 10.10.10.2, for example. 10.10.10.2 can access the internet via the 851 without issue.
Thanks for your help, and let me know if you need me to post snippets of the configs or logs.