There is quite a lot that is strange with your config:
1) You are mixing crypto-map and VTI-config in a way that doesn't seem to make any sense. What exactly do you want to achieve?
2) In this scenario you probably can't use transport-mode.
3) The crypto-ACL only needs the local view of the traffic that has to be protected.
4) The value used by ip tcp adjust-mss is too large for IPsec.
Thanks for the response. I am really new at this, which may help to explain why the config looks so odd.
The current (working) setup is an IPsec tunnel, but I have no way to monitor the tunnel except for pings. My end goal would be to move the IPsec traffic to a tunnel interface so I can monitor ups/downs and traffic usage.
Both ends are cable modems, with one being a static IP address (the 70.x.119.x address). I would ideally only want that system to be accepting connections, and not trying to reach out to the other system.
The remote system is an EdgeMax (ubnt) system. Like I said... currently I have this working, but it's all tied to fa0/0 via the following.