Can't seem to fight my way out of this configuration. We have a router that is configured with IPSec Dynamic L2L peers and Remote access (pretty much using this configuration: LINK ). I'm not used to the keyring / Profile configuration. But trying to add a tunnel without a profile, maybe "non-dynamic" peer?
Thanks guys, but I had fixed the problem before your replies. Just haven't had time to update my post. LA-Engineer was very close and might work. But I tried a configuration very close to his above, and it was not working for me. But again, maybe I was doing something wrong.
What I read somewhere (I've tried to find where but no luck) was that ISAKMP Profiles are matched to the closest match. Can someone confirm or deny this? As I cannot find where I read that. Anyway, what worked for me was a config very close to LA-Eng's config: