I have an 827 with 12.2.4(T) and a 1720 with the same. I create an IPSEC VPN between them but traffic is not seen inbound to the 1720 from the 827 when I look at sh cry ips sa.
If I ping from the 1720 to the 827 then look at sh cry ips sa on both, I see that the echo request has gone through to the 827 and it's replied back through the tunnel, but it never gets decrypted back at the 1720.
I'm also running static nat at both ends but getting around it by use of route-maps in NAT statements (that is, denying NAT to traffic that should be tunneled).