One thing I found was under policy map policy-map multi-match VLAN10 class VS-ETmail loadbalance vip inservice loadbalance policy PM-Mail loadbalance vip icmp-reply nat dynamic 1 vlan 10Also do you have multiple service-policies in your ...
One thing to understand about Tran sport mode vs Tunnel mode (ipsec) is thst Transport is used between acyual source and destination of the ip protocol Tunnel mode actually not only authenticates but also encrypts at the higher layers of the pckt Pi...
Another troubleshooting ides is to turn off Nat-T no crypto isakmp nat-traversalSee what happens question do both devices support NAT-T, and keeaplives
I hope some of these issues help you out as I am running into a very similiaer situation .I notice in looking at the logfs perhaps bypassing ACL NAT could point us in right direction.Take care*Oct 30 20:17:05.639: CryptoEngine0: validate proposal req...