I have several DMVPN sites all running fine. I need to setup one site behind a firewall(ASA) and segmented out on a seperate vlan(3750)
The Firewall has a routed vlan and is directly connected to the switch (vlan 99) the 1841 router (DMVPN SPOKE) is in vlan 100. Vlan 100 is a routeable vlan.
I have full connectivity to the Internet all other apps and functions are working. The dmvpn router (1841) has internet connectivity. The crypto SA's Keep expiring. No complete vpn connection. Here's the Kicker. If i place the 1841 in the same vlan as the ASA, It works fine. If i put a pix firewall in front of the 1841 router back in vlan 100 it works! If i put it back in vlan 100 with the vlan100 interface as the default gw it doesn't work!
I'm Not really sure where to start at on this issue.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...