fa/0.901 has address 10.1.1.1 and fa0/0.900 has address 10.0.0.254. When clients from subnet 10.1.1.1/24 connect to 10.1.1.1, everything works perfectly - the IPSec protected L2TP tunnel comes up. The same happens when clients from subnet 10.0.0.0/24 connect to 10.0.0.254. But when a client tries to connect to an address from a different network (10.1.1.0/24 to 10.0.0.254 and 10.0.0.0/24 to 10.1.1.1), it does not work.
Debug output and Cisco config are attached.
I found nothing similar to my problem on the Internet. Is this a bug, or did I miss something?
First of all, since a crypto map is used, it will work only on the physical interface that belongs to the same subnet - this is how crypto maps work.
I tried to set up a loopback interface and to make clients connect to the loopback's IP. That did not work either. So I ended up with clients connecting to the "closest" physical interface and with split DNS.