well dog my cats.  there it goes.  Spectacular!

I can now access stuff on campus from behind the DLINK.  I have created a small web page on an on-campus server that spits out the IP you are coming from and it returns:

Your IP is: 192.168.5.100

Awesome.  Now, since they will ask, is there any way to absolutely ensure that this traffic is encrypted?

This has been one heck of a learning experience after a whole week of me bashing my head against the wall.. Thank you so much.

No problem.. Thanks for the ratings

One final question: 

If I wanted to set up a second DLINK elsewhere, can I just do:

object network remote-VPN<-incrementing-number>

  subnet 192.168..0 255.255.255.0

nat (inside,outside) source static local-VPN local-VPN destination static remote-VPN<-number> remote-VPN<-number>

and add another line on the 6509:

ip route 192.168..0 255.255.255.0 131.162.160.2

Then duplicate the config from this DLINK box to another one, changing only the private network number to match the new lines of config?

perfect.  If you're not a cisco trainer, you should be.

You thought you were done with me, I bet!

One really final question.. The connection between the DLINK and our ASA seems to not stay up permanently.  The point of sale equipment on the DLINK side will lose connection, and i have to restart it, or try a few transactions that fail, and then link will eventually come back up.

Is there a way on the ASA side to force it to stay up, or some such thing?  The Dead Peer Detection and Keepalives on the dlink side don't appear enough, or else I have to enable it on the ASA side as well.

Since keepalive between different third party product is not supported, pls turn off keepalive on both end.

On your DLINK, choose None for Keepalive/DPD.

Also, your lifetime is set to 3600 seconds, so if you want to lengthen it on both end, it can stay longer, or alternatively you can run continous ping to keep the VPN tunnel up all the time. There needs to be traffic through the tunnel after the lifetime expired to keep the tunnel up and reset the timer, otherwise, after 3600 seconds, if there is no traffic, it will tear down the vpn tunnel until you initiate the tunnel again.

I've disabled keepalives on both ends..  I've increased the lifetime on the dlink to 7200 (the max it allows).  Can you give me some tips on how to change it on the ASA? 

Can I have something on-campus set up to ping the off campus Point of Sale devices behind their dlink ends to keep the tunnels up? 

On the ASA, pls configure the following:

no crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800

no crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 7200

Yes, you can setup ping from your campus towards the POS devices, however, the VPN tunnel needs to be initiated from the DLINK end. Once the tunnel is established, ping from campus towards POS will keep the tunnel up.

Are you sure?  The DLINK has settings for both IKE Lifetime (28800) and IPSec Lifetime (7200).  When I ran those commands the tunnel went down and hasn't come back up.

disregard, it just came back up.. but please confirm that those settings change the correct lifetime.