I've got a strange one or I'm getting a good case of the stupids. I have an ASA5505 Security Plus back in the US on my home network & an 881W with 15.1 Adv IP Services in Afghanistan. I set up a site-to-site VPN between the two. I could ping my 2511 for my home lab from the 881W when sourced from the crypto map's "interesting traffic" VLAN, but not from my laptop which is on that same VLAN. Set up an ACL to debug the IP packets between the two hosts. Turned off ip cef so I could get the debug info & did a ping - the traffic went through. Turned ip cef back on & the traffic was blocked again. What is with ip cef? Are there any negative interactions with IPSec VPNs? Pertinent excerpt from "show ip cef" below.
Prefix              Next Hop         Interface
10.10.30.18/32      attached         Vlan30
10.101.2.0/24       126.96.36.199    FastEthernet4
10.139.22.176/28    attached         FastEthernet4
10.139.22.176/32    receive          FastEthernet4
10.139.22.177/32    attached         FastEthernet4
10.139.22.178/32    receive          FastEthernet4
10.10.30.18 on VLAN30 is my laptop. 188.8.131.52 is my outside interface on the ASA (other end of IPSec tunnel). 10.101.2.0 is the interesting traffic on the home network. 10.139.22.177 is the satellite modem GW & .178 is my 881W outside interface. It is NAT'd by the satellite provider to a public IP.
Thanks, David D.