I have a Cisco 851 that is connected to an ASA box. I don't have access to the ASA (outsourced company) but the 851 is local. They initially wanted to run private IPs on the switching side but we told them that's not the standard for our company. So we came up with an option just to allow their tunnel IP through our firewall (IPsec ports only) to connect to the 851. Then use the same interface to connect to the server they need.
I'm only using the fa4 (WAN) interface on the 851 with public addressing on both sides.
I can initiate the tunnel and it comes up but can't get any data back. When we test with private addressing on vlan 1 the end user can pass data.
E.g. (not real addressing):
851 = 184.108.40.206 (fa4)
ASA = 220.127.116.11
local server = 18.104.22.168
remote server = 10.10.10.10
When the end user tries to send traffic to 22.214.171.124 (local server) it doesn't hit the tunnel; it tries to go over the internet.
Any ideas? Do I need to use one public address on vlan 1 and one on fa4 in order for this to work? He says their crypto map is dynamic so the info should hit the tunnel.