I am trying to bring up a tunnel between my older 2811 and my new ISR 2811. The tunnel shows QM_IDLE with a sho cry isa sa on both devices but I can't ping across the /30 that I assigned to the tunnel interface and sho ip eigrp neigh doesn't show them as neighbors. I have 10 or so tunnels just like this on the older 2811 but this is the first attempt using the newer ISR 2811. I am using firmware version 12.4(15)T1 (C2800NM-ADVIPSERVICESK9-M). When I do a sho cry eng conn active I see decrypts but 0 encrypts. Help..
access-list 180 permit gre host xxx.xxx.3.70 host 220.127.116.11
from the 2811 ISR
access-list 180 permit gre host 18.104.22.168 host xxx.xxx.3.70
I have a blanket statement to let all VPN related traffic through on my outside facing interface on the vpn gateway both ways. I don't have an ACL yet on the interface on the 2811ISR. This is all I get from the debugs, on the 2811
Jan 14 10:40:32: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...