Hi Richard,If we are talking about Remote access VPNs, i think one of your private ip range(192.168.1.x or 10.10.10.x) is designed for the IP address pool for these Remote access clients. So, briefly 1 subnet is for Remote access pool(when Remote Use...

Hi Tony, Sorry for the late response, Can you please try checking nat-traversal (NAT-T) on both ASA and 1811 ? I believe in IOS, NAT-T is enabled by default after Cisco IOS Software Release 12.2(13)T and later. Both sides should be NAT-T enabled or v...

My bad.. I misinterpret your config..Can you please change outside with inside interface and post the result? At which phase are you getting Drop ?#packet-tracer input inside icmp 10.129.105.100 8 0 10.157.1.1And can you post your ACL - interesting t...

Hi Tony,Can you pls post below command's result?On your ASA5520:#packet-tracer input outside icmp 10.129.105.100 8 0 <internal IP address behind Router>e.g. above "outside" is nameif for outside interface. Use 8 : Icmp type - EchoUse 0 : Icmp Code - ...

Hi Ramadori1, You don't need the 2nd Public IP block for NATting. You can use 12.35.25.234 255.255.255.248(IP on your ASA facing to 3945E) on your ASA. Dynamic NAT translates a group of private addresses to a pool of mapped addresses that are routabl...