I am implementing a ASA and replacing a PIX that is currently terminating Cisco Client VPN's and a few IPSEC Lan-2-Lan IPSEC tunnels. The other routers that are connecting to my PIX today roam around and get different IP addresses via DHCP and/or different Internet Connections so the way I got around this was from the URL below with the commands "isakmp key cisco123 address 0.0.0.0 netmask 0.0.0.0" so it would except any peer. This worked well because I could explicitly state what my interesting traffic was and whether I wanted to split tunnel or not.
I cannot figure out how to do this with an ASA. I want to implement the ASA because our VPN Clients and IPSEC Peers want to communicate with each other and I want to route this traffic via my VPN Tunnels that are terminated on the new ASA.
I dont think a simple EZVPN solution will work because of the split tunneling and routing in this case but someone can tell me otherwise.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...