I have a 501 implemented between a host and an ISDN modem. The modem hands out DHCP info to the 501 outside interface on a 192.168.1.x network. The 501 hands out DHCP info to hosts behind it. The 501 has a VPNClient config back to a 3005 concentrator. The odd problem I'm getting is that the hosts can not reach the IP on the modem which is required to manually dial. PDM log viewer does not even show the traffic going through the interface deny or permit.
I copied the config to a lab environment and was able to reach everything just fine. I was able to replicate the problem, but resolving it just seems to involve wiping the config and step by step reimplementing the same config through PDM.
Has anyone experienced problems where depending on the order of config entry you get different results? The end config looks the same, but the order of implementation seems to matter.
Order of entry can matter - you might need to do clear xlate after changing statics/globals/etc, and crypto map interface reinitializes IPSec mojo.
It sounds like you had/have a DHCP problem between the pix and the ISDN TA. If you control both, I would not use DHCP. If you don't control the ISDN TA and must use dhcp, you are using ip address outside dhcp setroute , right?
I usually reload after making these changes in hopes of getting a fresh start. I'll try clear xlate and see if that helps any.
I could possibly hard code the 501, but I get the same results in my test lab with a linsys cable router instead of the ISDN modem. Also, I have clients directly off of that unit and servicing DHCP is handy for them. Not sure if it is a problem with the 501 not liking the lease it recieved or not. I do have ip address outside dhcp setroute in place. The odd thing is that from the 501 outside interface I am unable to ping ANY devices in its own subnet as well "ping outside 192.168.1.3"..... generates No response.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...