Re: VPN Config for L2L / Set Peer / Cisco VPN Client
Difficult to figure out without some debug from when the spokes try to connect. Does the spoke tunnel(s) even get built but just no traffic passes? Or do they not get built at all?
First off I would create a new "crypto keyring" and separate the two pre-shared keys for your dynamic and static peers; I'm not sure that having two pre-shared keys for different addresses within the same keyring would work correctly. The router may pick up the 0.0.0.0 keyring for the static peer, which would then have the wrong pre-shared key and fail. Don't assume that because the static peer is listed first under the keyring that it'll be hit first; it doesn't always work that way.
Other than that we'd need to see some debugs and the output of the following commands to see what's going on: