On 7/26/2011 10:58 AM, Ryan West wrote: > On Tue, Jul 26, 2011 at 10:44:19, Jeff Kell wrote: >> Subject: [c-nsp] ASA 8.3/8.4 management issues... >> >> I have some remote sites running off of ASA 5505s, and an existing VPN >> cluster running 8.4(2). > I've rolled everything back to 8.4.1 interim. I have an open bug for 8.4(2) > relating to remote access VPN tunnels traversing other tunnels (same-security > intra-interface). I would switch back to 8.4.1 and see if your problem > follows. If you're interested in the bugID, I'll let you know once one is > generated. >
Turns out my issue was the "route-lookup" clause on the "new" NAT configuration commands. Seems that the "update conversion" of legacy NAT exempt ranges does not include that by default. Working fine now, haven't hit the intra-interface bug [yet]. Jeff _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/