Still nothing when issuing the command:

ping ip 192.168.10.1 source 192.168.30.1

Thnk you so much!!!

Can you tell me what I need to do on my switch so that I can get a PC on the 192.168.10.0 net please?  I assume that the PC will need to be a static IP since we are blocking NAT over the VPN.  Am I correct on this?

I do not want to share my 110 & 115 networks over the VPN.  But, I do need access to the 192.168.2.0 office network so I can get my VoIP phone up.   I assume that I would use the same settngs for the phone as the PC except I need to set it in Switchport Voice VLAN 2.  Also, does the phone need to be static or can it use a dynamic IP from the office over the VPN?

Thanks so much!!!

UPDATE

I added the routes below:

OFFICE VPN ROUTER

ip route 192.168.30.0 255.255.255.0 FastEthernet0/0

OFFICE CME ROUTER

ip route 192.168.30.0 255.255.255.252 192.168.10.1

HOME ROUTER

ip route 192.168.10.0 255.255.255.0 GigabitEthernet0/0

I can now ping the 192.168.10.5 port on the CME router.  But I cannot ping the 192.168.2.1 port of the CME router.

Then all of a suddon I can no onger ping anthing on the 192.168.10.x network fro mome.  SH CRYPTO SESSION

Session status: UP-ACTIVE    

Peer: 40.197.68.9 port 4500

  IKEv1 SA: local 192.168.30.1/4500 remote 40.197.68.9/4500 Active

  IPSEC FLOW: permit ip 192.168.30.0/255.255.255.252 192.168.2.0/255.255.255.0

        Active SAs: 2, origin: crypto map

  IPSEC FLOW: permit ip 192.168.30.0/255.255.255.252 192.168.10.0/255.255.255.0

        Active SAs: 2, origin: crypto map

So now I am stuck again.   Also, I do need this VPN to be up 7x24 so my VoIP phone will allways work.

Your VPN1-FLA-TRAFFIC and VPN-TRAFFIC ACL's have to match (in reverse):

OFFICE:

ip access-list extended VPN1-FLA-TRAFFIC

permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.3

permit ip 192.168.2.0 0.0.0.255 192.168.30.0 0.0.0.3

HOME:

ip access-list extended VPN-TRAFFIC

permit ip 192.168.30.0 0.0.0.3 192.168.10.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.3 192.168.2.0 0.0.0.255

But, of course, you'll either need the 192.168.2.0/24 network on your OFFICE router, or a route on your OFFICE router to point to that network (as it is not defined currently - from what I see in your config).

HTH!

-Chris

I have changed both access list to allow the 192.168.2.0 network.  I added an interface to the CME OFFICE router for the 192.168.10.0 network.  I then added a static route to the 192.168.2.0 network from the OFFICE MAIN router.  I can ping the  CME (192.168.2.1) router from the office Main (192.168.10.1) router.

BUT, the VPN keeps stop sending data even though its status is UP-ACTIVE .  It will send ping data for about 1 or 2 minutes and goes deas yet still UP-ACTIVE. It takes a while to drop the VPN and when I re-establish it, data works for a few mins.

So, what do I need to add/change to get a stable perminate VPN connection?

-Michael

That seems to help a lot!!! Thanks so much. 

Okay, now I have connectivity to my HOME router.  What do I need to add to the HOME router and my Cisco 3550 switch so that I can get a phone connected?  Also, will the phone get its IP from the OFFICE router or do I set a static one it in?

Thank you so much for this!  Once I re-ordered my NAT rules for the "interesting" traffic, things took right off!  The ASDM made it easy for me to move 'em up the list prior to any other NAT taking place 

Hello.

I'm facing the same kind of issue. I'm able to connect to the VPN (Cisco-ASA-5505) but cannot ping internal network. Please advise/help.