THIS MESSAGE HAS BEEN MOVED TO THE VPN MESSAGE BOARDS. PLEASE RESPOND THERE.
================================================================================
Why does the following config not generate any interesting traffic when I ping 10.40.10.117 from 192.168.100.161?
I have crypto debugging on and there doesn't seem to be any attempt to bring up the tunnel. I would love to hear any insight into this problem.
Thanks.
-pk
(I cut out parts I felt were insignificant to the problem.)
---------------------------------------
name 192.168.100.161 Phil
object-group network AddressesAllowed
  description These are addresses that are allowed through the VPN firewall.
  network-object 10.40.10.118 255.255.255.255
  network-object 10.40.110.71 255.255.255.255
  network-object 10.48.10.37 255.255.255.255
  network-object 10.48.10.38 255.255.255.255
  network-object 192.168.41.31 255.255.255.255
  network-object 192.168.41.32 255.255.255.255
  network-object 10.46.0.15 255.255.255.255
  network-object 10.46.0.19 255.255.255.255
  network-object 10.40.10.117 255.255.255.255
  network-object 10.46.0.1 255.255.255.255
access-list polnat161 permit ip host Phil object-group AddressesAllowed
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 10.44.3.161 access-list polnat161 0 0
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address polnat161
crypto map outside_map 40 set peer 21.54.52.112
crypto map outside_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map 40 set security-association lifetime seconds 21600 kilobytes 4608000
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 21.54.52.112 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash sha
isakmp policy 40 group 2
isakmp policy 40 lifetime 3600