I've just had the most frustrating couple of weeks in my entire career, and it came down to a case of "too many fingers on keyboard" syndrome.
I was trying to get a site-to-site VPN configured between my ASA and one of our teleworkers on an 887 at the other end.
I got the damn thing working on the internet, NATing properly, all sweet - but I could *not* get the tunnel running.
I deleted it, re-created it, deleted it, re-created it, tweaked this, tweaked that - still couldn't sort it out.
After looking over the config for what must have been the 400th time, I noticed one thing.
When I defined the protected network at the remote end, I juxtaposed two octets of the IP range.
So I had the router offering 10.0.250.8/29 - and the firewall expecting 10.250.0.8/29
As *soon* as I corrected the typo - voilà, tunnel comes up. Yeah, I had a couple of missing NAT exempts as well, but it damn well worked!
So, fellow learned ones - what's been YOUR biggest "Network Administrator is an idiot" moment?
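
The mismatch described in the post above can be caught by comparing the protected networks each peer is configured with before bringing the tunnel up. This is an added example, not part of the original post: the function names are hypothetical, and it assumes the network lists have been copied by hand from each device's crypto ACL.

```python
import ipaddress
from itertools import combinations


def swapped_octets(a, b):
    """Return the 1-based octet positions whose swap turns network a into b, else None."""
    oa = str(a.network_address).split(".")
    ob = str(b.network_address).split(".")
    if oa == ob:
        return None
    for i, j in combinations(range(4), 2):
        trial = oa[:]
        trial[i], trial[j] = trial[j], trial[i]
        if trial == ob:
            return (i + 1, j + 1)
    return None


def compare_selectors(offered, expected):
    """Check every network one peer offers against what the other peer expects.

    Returns a list of (offered_network, verdict) tuples. A selector that does
    not match exactly is reported, with a hint when it differs from an
    expected network only by two transposed octets.
    """
    expected_nets = [ipaddress.ip_network(e) for e in expected]
    results = []
    for text in offered:
        net = ipaddress.ip_network(text)  # raises ValueError on host bits set
        if net in expected_nets:
            results.append((text, "match"))
            continue
        verdict = "MISMATCH: no expected network matches"
        for exp in expected_nets:
            pair = swapped_octets(net, exp)
            if exp.prefixlen == net.prefixlen and pair:
                verdict = f"MISMATCH: octets {pair[0]} and {pair[1]} swapped vs {exp}"
                break
        results.append((text, verdict))
    return results


if __name__ == "__main__":
    # Values from the post: what the 887 offered vs. what the ASA expected.
    for row in compare_selectors(["10.0.250.8/29"], ["10.250.0.8/29"]):
        print(row)
```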