I'm unable to successfully copy the running config from the 501 via the EZ-Vpn link to a tftp server on the core network.
The client PCs on the SOHO network can access the internal networks (RFC1918); they can also perform TFTP transfers to the central TFTP server.
Incidentally the syslogs are being received on the central network and the NTP isn't syncing to the core NTP server either. In short the 501 has no connectivity to the internal networks - with little indication as to why.
The ACL on the 525 is permitting all traffic from the 501 VPN IP address. I've set up captures on the 525, and on the outside I'm seeing the IPSec packets, but I'm seeing nothing on the inside interface.
Here's the output I see on the 501:
TFTP write 'YCHILF00F01.cfg' at 10.x.x.x on interface 0
Timed out attempting to connect
111001: Begin configuration: console writing to tftp
111004: console end configuration: FAILED
111008: User 'enable_15' executed the 'write net' command.
What does your NAT config on the 525 look like? Assuming you are doing some sort of NAT 0 ACL, try adding the 82.32.X.X address to this ACL and see if that doesn't solve the translation issues. Let me know if this is not clear.
Hmmm, doubt that the packets are arriving on your 525 from the remote PIX unencrypted since they are destined for an RFC 1918 address range. I feel sure if this was the case, one of the routers across the path would have dropped these packets. I think you are seeing the results after the decryption occurs.
Try adding this to your nonat ACL:
access-list acl-nonat permit ip any 82.32.X.X 255.255.255.255