I am having trouble with this configuration. I can create the tunnel OK, but from the client I cannot ping devices on the LAN (e.g. 192.168.0.20) or the inside interface of the router (192.168.0.1), or vice versa.
I have tried about 1000 variations of this and I am still not getting anywhere. Any ideas?
service timestamps debug uptime
service timestamps log uptime
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
enable password xxxxx (moderator edit)
username xxxx password xxxxxx (moderator edit)
memory-size iomem 25
no ip domain-lookup
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
crypto isakmp policy 3
crypto isakmp client configuration group 3000client
Once the client makes a successful connection and tries to access something on 192.168.0.x/24, can you look at the client statistics to see whether the packets are getting encrypted? If they are encrypted, look at the IPSec SA on the router to see if the router is decrypting the packets; this should point you in the right direction.
I checked that initially; it basically looked like packets would not encrypt from either side. I just figured this out about 10 minutes ago. I upgraded my IOS in the 1710 to the latest and it now works.
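The counter check suggested in the reply above, as an added example that is not part of the original thread: it reads the encaps/decaps packet counters from `show crypto ipsec sa` output on the router and reports which direction of the tunnel is failing. The sample output is constructed, and the verdict labels and hints are assumptions of this example.

```python
import re

# Constructed excerpt modelled on the counter lines of `show crypto ipsec sa`;
# the remote addresses are sample values, not taken from the thread.
SAMPLE_SA = """\
   remote ident (addr/mask/prot/port): (192.168.1.10/255.255.255.255/0/0)
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
   remote ident (addr/mask/prot/port): (192.168.1.11/255.255.255.255/0/0)
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 42, #pkts decrypt: 42, #pkts verify 42
"""

IDENT = re.compile(r"remote\s+ident.*?:\s*\(([^)]+)\)")
COUNTER = re.compile(r"#pkts (encaps|decaps):?\s*(\d+)")

# Hypothetical verdict labels and hints (assumptions of this example).
HINTS = {
    "no-traffic": "nothing hit this SA; compare with the client's encrypted count",
    "return-path": "router decrypts client traffic but sends nothing back",
    "inbound-missing": "router encrypts toward the client but receives nothing",
    "both-directions": "traffic passes both ways; look beyond the tunnel",
}

def parse_sa_counters(text):
    """Return one dict per SA: remote ident plus encaps/decaps packet counts."""
    sas, current = [], None
    for line in text.splitlines():
        ident = IDENT.search(line)
        if ident:
            current = {"remote": ident.group(1), "encaps": 0, "decaps": 0}
            sas.append(current)
        elif current is not None:
            for name, value in COUNTER.findall(line):
                current[name] = int(value)
    return sas

def diagnose(sa):
    """Map the two counters of one SA to a verdict key in HINTS."""
    enc, dec = sa["encaps"], sa["decaps"]
    if enc == 0 and dec == 0:
        return "no-traffic"
    if enc == 0:
        return "return-path"
    return "inbound-missing" if dec == 0 else "both-directions"

if __name__ == "__main__":
    for sa in parse_sa_counters(SAMPLE_SA):
        print(f"{sa['remote']}: {diagnose(sa)} ({HINTS[diagnose(sa)]})")
```

Run it against output captured before and after a ping from the client: counters that stay at zero on both sides correspond to the "would not encrypt from either side" symptom described in the thread.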