I have just configured a 1841 router to connect to our central office as a hardware client in client mode, normal internal traffic works fine but when i try and access the subnet in the central office i get the following in the debug output.
the strange thing is these named access-list seem to dynamiclly generated as i can view them but not edit them.
thanks for the advise although software clients work fine but i guess they do already get an IP address from the ASA VPN pool scope which is in the 192.168.255.0/255.255.255.0 range which is already configured on the ASA as nat0, the router is getting an IP from this range also but the LAN side is 10.255.255.240/255.255.255.240 so i added this to the same nat exempt rule but this hasn't resolved it, i would assume this shouldn't matter as the router is running in client mode so it should nat all traffic from the LAN to the assigned 192.168.255.x address which the ASA assigned it? may be i need a nat rule to nat the VPN interface to the LAN address?
for some reason the above config has just started working!
I just have one problem left that it seems to generate a access-list on the router shown below.
Extended IP access list xxxx-CC_enterprise-list
10 permit ip 10.255.255.240 0.0.0.15 any (12 matches)
but i have another subnet coming froma layer 3 switch wich is 172.16.32.0 0.0.1.255 and this can not access the tunnel until i manually edit the above access list but if the tunnel drops this is cleared
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...