I have a 3002 in network extension mode on a 10.0.3.x subnet coming into a 3005 with an inside interface of 10.0.0.21. Central site is a 10.0.0.x. I have an inside router to tell the 10.0.3.x traffic to go over to the inside interface of the 3005 and all Internet traffic to take the next hop which is a PIX at 10.0.0.25 to get out to the Internet. Perimeter router is a 3640 with a public IP. The 3002 traffic gets to network resources fine and I even have an IP Phone behind it as well that is working but the 3002 traffic cannot get back out to the Internet. For security reasons I can't allow split tunneling. Here is my inside router config. I think the 3002 packets are looping as the router sends all 10.0.2.x traffic to the 3005 but the 3005 then sends all internet traffic back to the same router. The tunnel default gateway is 10.0.0.18 but I have tried it as 10.0.0.25 but no luck.
I was able to do it on the 3005 but could not find it on the 3002 and TAC said it can't be done on the 3002 even though the link you sent me says it can. I have a proper software load on the 3002 according to the paper. I have 3.5.2 and the paper says anything above 3.5 should do. Any thoughts? My PIX is set up to allow any subnet out by NAT using the global.
Thanks Paul. The 3002 is now showing up on the routing table on the 3005 but the 3002 still cannot ping the PIX. Can you take a look at this config on the inside router and tell me what might be wrong?