Easy VPN Server on cisco 1760. Can't access LAN resources.

lourite
lourite used Ask the Experts™
on
Easy VPN Server configured on 1760.  Can connect and authenicate..tunnel is built.  However can not get to anything on the LAN.  Config below.
Was able to test using VPN pool addresses configured on eth1/0 however when vpn'd in can't get anywhere.

Banging my head against the wall on this one.
-----------------------------------

!
! Last configuration change at 23:38:09 PCTime Wed May 30 2007 by
! NVRAM config last updated at 23:38:11 PCTime Wed May 30 2007 by
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname watchdog
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxx
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
!
!
!
no ip bootp server
ip domain name xxxxxxxxxxxxxx
ip name-server 208.xx.xx.xxx
ip name-server 208.xx.xx.xxx
ip name-server 10.10.10.xx
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip audit po max-events 100
!
!
username xxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxx
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp xauth timeout 15

!
crypto isakmp client configuration group xxxxxxxx
 key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 dns 10.10.10.xx
 wins 10.10.10.xx
 pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0/0
 description Connected to Internet
 ip address 208.xx.xx.xx 255.255.255.192
 ip access-group 103 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect SDM_LOW out
 ip route-cache flow
 half-duplex
 crypto map SDM_CMAP_1
!
interface FastEthernet0/0
 description Connected to LAN    
 ip address 192.168.24.1 255.255.255.0 secondary
 ip address 10.10.10.1 255.255.255.0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 speed auto
 full-duplex
!
interface Ethernet1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 half-duplex
!
router eigrp 101
 passive-interface Ethernet0/0
 network 10.10.10.0 0.0.0.255
 network 192.168.24.0
 network 208.xx.xxx.0 0.0.0.63
 no auto-summary
!
ip local pool SDM_POOL_1 192.168.24.xx 192.168.24.xx
ip nat inside source route-map SDM_RMAP_1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 208.xx.xxx.1
!
ip http server
ip http access-class 2
ip http secure-server
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.24.0 0.0.0.255
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark SDM_ACL Category=2
access-list 100 deny   ip any 192.168.24.60 0.0.0.3
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 remark Applied Inbound LAN (f0/0)
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 208.xx.xxx.0 0.0.0.63 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 208.xx.xxx.0 0.0.0.63 any
access-list 102 deny   ip 10.10.10.0 0.0.0.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp host 208.xx.xxx.xxx eq domain host 208.xx.xx.xx
access-list 103 permit udp host 208.xx.xxx.xxx eq domain host 208.xx.xx.xx
access-list 103 permit ahp any host 208.xx.xx.xx
access-list 103 permit esp any host 208.xx.xx.xx
access-list 103 permit udp any host 208.xx.xx.xx eq isakmp
access-list 103 permit udp any host 208.xx.xx.xx eq non500-isakmp
access-list 103 deny   ip 192.168.24.0 0.0.0.255 any
access-list 103 deny   ip 10.10.10.0 0.0.0.255 any
access-list 103 permit icmp any host 208.xx.xx.xx echo-reply
access-list 103 permit icmp any host 208.xx.xx.xx time-exceeded
access-list 103 permit icmp any host 208.xx.xx.xx unreachable
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip any any log
access-list 104 remark VTY Access-class list
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip 192.168.24.0 0.0.0.255 any
access-list 104 permit ip 10.10.10.0 0.0.0.255 any
access-list 104 deny   ip any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
route-map SDM_RMAP_1 permit 1
!
!
!
!
!
banner login Dude!!!
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 access-class 104 in
 password 7 xxxxxxxxxxxxxx
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end
--------------------------------------------------
Log output from Cisco VPN Client.
---------------------------------------------------
Cisco Systems VPN Client Version 4.8.01.0300
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

1      08:52:54.453  05/31/07  Sev=Info/4      CM/0x63100002
Begin connection process

2      08:52:54.453  05/31/07  Sev=Info/4      CM/0x63100004
Establish secure connection using Ethernet

3      08:52:54.453  05/31/07  Sev=Info/4      CM/0x63100024
Attempt connection with server "xxxxxxxxxxxxxxxxx.com"

4      08:52:55.453  05/31/07  Sev=Info/6      IKE/0x6300003B
Attempting to establish a connection with 208.x.x.x. ( Public IP )xx.xx.xx.

5      08:52:55.468  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 208.x.x.x. ( Public IP )xx.xx.xx

6      08:52:55.468  05/31/07  Sev=Info/4      IPSEC/0x63700008
IPSec driver successfully started

7      08:52:55.468  05/31/07  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

8      08:52:55.468  05/31/07  Sev=Info/4      IPSEC/0x6370000D
Key(s) deleted by Interface (192.168.244.160)

9      08:52:55.812  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

10     08:52:55.812  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 208.x.x.x. ( Public IP )xx.xx.xx

11     08:52:55.812  05/31/07  Sev=Info/5      IKE/0x63000001
Peer is a Cisco-Unity compliant peer

12     08:52:55.812  05/31/07  Sev=Info/5      IKE/0x63000001
Peer supports DPD

13     08:52:55.812  05/31/07  Sev=Info/5      IKE/0x63000001
Peer supports DWR Code and DWR Text

14     08:52:55.812  05/31/07  Sev=Info/5      IKE/0x63000001
Peer supports XAUTH

15     08:52:55.812  05/31/07  Sev=Info/5      IKE/0x63000001
Peer supports NAT-T

16     08:52:55.828  05/31/07  Sev=Info/6      IKE/0x63000001
IOS Vendor ID Contruction successful

17     08:52:55.828  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 208.x.x.x. ( Public IP )xx.xx.xx

18     08:52:55.828  05/31/07  Sev=Info/6      IKE/0x63000055
Sent a keepalive on the IPSec SA

19     08:52:55.828  05/31/07  Sev=Info/4      IKE/0x63000083
IKE Port in use - Local Port =  0x1194, Remote Port = 0x1194

20     08:52:55.828  05/31/07  Sev=Info/5      IKE/0x63000072
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device

21     08:52:55.828  05/31/07  Sev=Info/4      CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

22     08:52:55.875  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

23     08:52:55.875  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from 208.x.x.x. ( Public IP )xx.xx.xx

24     08:52:55.875  05/31/07  Sev=Info/5      IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds

25     08:52:55.875  05/31/07  Sev=Info/5      IKE/0x63000047
This SA has already been alive for 0 seconds, setting expiry to 86400 seconds from now

26     08:52:55.875  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

27     08:52:55.875  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 208.x.x.x. ( Public IP )xx.xx.xx

28     08:52:55.875  05/31/07  Sev=Info/4      CM/0x63100015
Launch xAuth application

29     08:53:01.093  05/31/07  Sev=Info/4      CM/0x63100017
xAuth application returned

30     08:53:01.093  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 208.x.x.x. ( Public IP )xx.xx.xx

31     08:53:01.140  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

32     08:53:01.140  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 208.x.x.x. ( Public IP )xx.xx.xx

33     08:53:01.140  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 208.x.x.x. ( Public IP )xx.xx.xx

34     08:53:01.140  05/31/07  Sev=Info/4      CM/0x6310000E
Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

35     08:53:01.171  05/31/07  Sev=Info/5      IKE/0x6300005E
Client sending a firewall request to concentrator

36     08:53:01.171  05/31/07  Sev=Info/5      IKE/0x6300005D
Firewall Policy: Product=Cisco Systems Integrated Client Firewall, Capability= (Centralized Protection Policy).

37     08:53:01.171  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 208.x.x.x. ( Public IP )xx.xx.xx

38     08:53:01.218  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

39     08:53:01.218  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 208.x.x.x. ( Public IP )xx.xx.xx

40     08:53:01.218  05/31/07  Sev=Info/5      IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 192.168.24.x ( VPN POOL IP )

41     08:53:01.218  05/31/07  Sev=Warning/3      IKE/0xE3000085
The length, 0, of the Mode Config option, INTERNAL_IPV4_NETMASK, is invalid

42     08:53:01.218  05/31/07  Sev=Info/5      IKE/0xA3000016
MODE_CFG_REPLY: The received (32767) attribute and value (2) is not supported

43     08:53:01.218  05/31/07  Sev=Info/5      IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 10.10.10.x ( LAN IP)

44     08:53:01.218  05/31/07  Sev=Info/5      IKE/0x63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 10.10.10.x ( LAN IP)

45     08:53:01.218  05/31/07  Sev=Info/5      IKE/0xA3000017
MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (168430090) is not supported

46     08:53:01.218  05/31/07  Sev=Info/5      IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-ADVENTERPRISEK9-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Wed 24-Jan-07 15:39 by ccai

47     08:53:01.218  05/31/07  Sev=Info/5      IKE/0x6300000D
MODE_CFG_REPLY: Attribute = Received and using NAT-T port number , value = 0x00001194

48     08:53:01.218  05/31/07  Sev=Info/4      CM/0x63100019
Mode Config data received

49     08:53:01.218  05/31/07  Sev=Info/4      IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.24.x ( VPN POOL IP ), GW IP = 208.x.x.x. ( Public IP )xx.xx.xx, Remote IP = 0.0.0.0

50     08:53:01.218  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 208.x.x.x. ( Public IP )xx.xx.xx

51     08:53:01.546  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

52     08:53:01.546  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from 208.x.x.x. ( Public IP )xx.xx.xx

53     08:53:01.546  05/31/07  Sev=Info/5      IKE/0x63000045
RESPONDER-LIFETIME notify has value of 3600 seconds

54     08:53:01.546  05/31/07  Sev=Info/5      IKE/0x63000046
RESPONDER-LIFETIME notify has value of 4608000 kb

55     08:53:01.546  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH) to 208.x.x.x. ( Public IP )xx.xx.xx

56     08:53:01.546  05/31/07  Sev=Info/5      IKE/0x63000059
Loading IPsec SA (MsgID=A361106F OUTBOUND SPI = 0xC171747F INBOUND SPI = 0x5BB47E6F)

57     08:53:01.546  05/31/07  Sev=Info/5      IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xC171747F

58     08:53:01.546  05/31/07  Sev=Info/5      IKE/0x63000026
Loaded INBOUND ESP SPI: 0x5BB47E6F

59     08:53:02.046  05/31/07  Sev=Info/4      CM/0x63100034
The Virtual Adapter was enabled:
      IP=192.168.24.x ( VPN POOL IP )/255.255.255.0
      DNS=10.10.10.x ( LAN IP),0.0.0.0
      WINS=10.10.10.x ( LAN IP),0.0.0.0
      Domain=
      Split DNS Names=

60     08:53:02.046  05/31/07  Sev=Warning/2      CVPND/0xE3400013
AddRoute failed to add a route: code 87
      Destination      172.23.255.255
      Netmask      255.255.255.255
      Gateway      192.168.24.x ( VPN POOL IP )
      Interface      192.168.24.x ( VPN POOL IP )

61     08:53:02.046  05/31/07  Sev=Warning/2      CM/0xA3100024
Unable to add route. Network: ac17ffff, Netmask: ffffffff, Interface: c0a8183e, Gateway: c0a8183e.

62     08:53:02.062  05/31/07  Sev=Info/4      CM/0x63100038
Successfully saved route changes to file.

63     08:53:02.062  05/31/07  Sev=Info/6      CM/0x63100036
The routing table was updated for the Virtual Adapter

64     08:53:02.140  05/31/07  Sev=Info/4      CM/0x6310001A
One secure connection established

65     08:53:02.234  05/31/07  Sev=Info/4      CM/0x6310003B
Address watch added for 172.23.67.x (remote site ip).  Current hostname: FENRIS, Current address(es): 192.168.24.x ( VPN POOL IP ), 172.23.67.x (remote site ip).

66     08:53:02.250  05/31/07  Sev=Info/4      CM/0x6310003B
Address watch added for 192.168.24.x ( VPN POOL IP ).  Current hostname: FENRIS, Current address(es): 192.168.24.x ( VPN POOL IP ), 172.23.67.x (remote site ip).

67     08:53:02.250  05/31/07  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

68     08:53:02.250  05/31/07  Sev=Info/4      IPSEC/0x63700010
Created a new key structure

69     08:53:02.250  05/31/07  Sev=Info/4      IPSEC/0x6370000F
Added key with SPI=0x7f7471c1 into key list

70     08:53:02.250  05/31/07  Sev=Info/4      IPSEC/0x63700010
Created a new key structure

71     08:53:02.250  05/31/07  Sev=Info/4      IPSEC/0x6370000F
Added key with SPI=0x6f7eb45b into key list

72     08:53:02.250  05/31/07  Sev=Info/4      IPSEC/0x6370002F
Assigned VA private interface addr 192.168.24.x ( VPN POOL IP )

73     08:53:02.250  05/31/07  Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 1.

74     08:53:11.578  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 208.x.x.x. ( Public IP )xx.xx.xx

75     08:53:11.578  05/31/07  Sev=Info/6      IKE/0x6300003D
Sending DPD request to 208.x.x.x. ( Public IP )xx.xx.xx, our seq# = 2269268693

76     08:53:11.609  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

77     08:53:11.625  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 208.x.x.x. ( Public IP )xx.xx.xx

78     08:53:11.625  05/31/07  Sev=Info/5      IKE/0x63000040
Received DPD ACK from 208.x.x.x. ( Public IP )xx.xx.xx, seq# received = 2269268693, seq# expected = 2269268693

79     08:53:22.078  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 208.x.x.x. ( Public IP )xx.xx.xx

80     08:53:22.078  05/31/07  Sev=Info/6      IKE/0x6300003D
Sending DPD request to 208.x.x.x. ( Public IP )xx.xx.xx, our seq# = 2269268694

81     08:53:22.125  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

82     08:53:22.125  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 208.x.x.x. ( Public IP )xx.xx.xx

83     08:53:22.125  05/31/07  Sev=Info/5      IKE/0x63000040
Received DPD ACK from 208.x.x.x. ( Public IP )xx.xx.xx, seq# received = 2269268694, seq# expected = 2269268694

84     08:53:32.578  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 208.x.x.x. ( Public IP )xx.xx.xx

85     08:53:32.578  05/31/07  Sev=Info/6      IKE/0x6300003D
Sending DPD request to 208.x.x.x. ( Public IP )xx.xx.xx, our seq# = 2269268695

86     08:53:32.625  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

87     08:53:32.625  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 208.x.x.x. ( Public IP )xx.xx.xx

88     08:53:32.625  05/31/07  Sev=Info/5      IKE/0x63000040
Received DPD ACK from 208.x.x.x. ( Public IP )xx.xx.xx, seq# received = 2269268695, seq# expected = 2269268695

89     08:53:43.078  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 208.x.x.x. ( Public IP )xx.xx.xx

90     08:53:43.078  05/31/07  Sev=Info/6      IKE/0x6300003D
Sending DPD request to 208.x.x.x. ( Public IP )xx.xx.xx, our seq# = 2269268696

91     08:53:43.109  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

92     08:53:43.109  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 208.x.x.x. ( Public IP )xx.xx.xx

93     08:53:43.109  05/31/07  Sev=Info/5      IKE/0x63000040
Received DPD ACK from 208.x.x.x. ( Public IP )xx.xx.xx, seq# received = 2269268696, seq# expected = 2269268696

94     08:53:53.578  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 208.x.x.x. ( Public IP )xx.xx.xx

95     08:53:53.578  05/31/07  Sev=Info/6      IKE/0x6300003D
Sending DPD request to 208.x.x.x. ( Public IP )xx.xx.xx, our seq# = 2269268697

96     08:53:53.625  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

97     08:53:53.625  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 208.x.x.x. ( Public IP )xx.xx.xx

98     08:53:53.625  05/31/07  Sev=Info/5      IKE/0x63000040
Received DPD ACK from 208.x.x.x. ( Public IP )xx.xx.xx, seq# received = 2269268697, seq# expected = 2269268697

99     08:54:04.078  05/31/07  Sev=Info/4      IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 208.x.x.x. ( Public IP )xx.xx.xx

100    08:54:04.078  05/31/07  Sev=Info/6      IKE/0x6300003D
Sending DPD request to 208.x.x.x. ( Public IP )xx.xx.xx, our seq# = 2269268698

101    08:54:04.140  05/31/07  Sev=Info/5      IKE/0x6300002F
Received ISAKMP packet: peer = 208.x.x.x. ( Public IP )xx.xx.xx

102    08:54:04.140  05/31/07  Sev=Info/4      IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 208.x.x.x. ( Public IP )xx.xx.xx

103    08:54:04.140  05/31/07  Sev=Info/5      IKE/0x63000040
Received DPD ACK from 208.x.x.x. ( Public IP )xx.xx.xx, seq# received = 2269268698, seq# expected = 2269268698
--------------------------------
Thanks in advance for your help....

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Tighten up this route map :   route-map SDM_RMAP_1 permit 1

A Permit with no match, matches everything. This is tied to the NAT overload so return traffic that should be going over the IPSEC tunnel (VPN) is getting picked up and NAT'ed out the non tunnel interface.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial