I'd just like to share with the group something that I learned the hard way. It's ebarassing, but I'd like to keep anyone from getting as frustrated as I was.
About 24 hours straight of battling a pair of 5510's and a 5505 and they will now finally pass traffic via the VPN as well as split tunnel. The fix......changed the VLANs from the defaults. There is a little note in the EasyVPN 5505 documentation the states in a not so well way that the "home vlan" will only support NAT-T and not native IPSEC. It seems to me that something like that warrants a bit more attention than a little note as an after thought.
This is probably old news but wanted to share anyway just in case there is someone else out there like me that can't read.
What the heck is a "home VLAN" anyway!? That's dumb.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...