I was tasked with building a site-to-site with a partner vendor, and after exchanging information such as peer address, PSK, etc., I started to build my end of the tunnel. The way the topology is set up is that I have an 871 ISR behind a broadband business-class router that currently allows unrestricted access out to the internet. After configuring the tunnel, I can't seem to ping my peer address when I apply access-list 100 to int fa4 (outside WAN), but I can ping when access-list 102 is applied. Am I doing something wrong? It would be great if someone out there could give me some feedback on this. Thanks in advance guys!

Below are the commands I implemented on the router:
My Internal = 172.28.3.1/24
My Public = 50.243.50.102
Peer Internal = 206.53.227.250
Peer Public = 206.53.227.24
access-list 100 permit ip 172.28.3.0 0.0.0.255 206.53.227.240 0.0.0.15
access-list 100 deny ip any any
ip nat inside source list 100 in interface FastEthernet4 overload
crypto isakmp policy 10
 encryption 3des
 hash sha
 group 2
crypto isakmp key <Key> address 206.53.227.24
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map mymap 10 ipsec-isakmp
 set peer 206.53.227.24
 set transform-set myset
 match address 100
interface FastEthernet4
 ip nat outside
 crypto map mymap
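
An added example, not part of the original post and not the poster's code: a small first-match evaluator that applies IOS wildcard-mask matching to the posted access-list 100 and shows which of the addresses from the post its permit line covers. The inside host 172.28.3.10 and the function names are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _spec(tokens):
    """Consume 'any' or 'addr wildcard' and return ((addr, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, FULL), tokens[1:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (addr, wild), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' into (action, src_spec, dst_spec)."""
    tok = line.split()
    src, rest = _spec(tok[4:])
    dst, _ = _spec(rest)
    return tok[2], src, dst

def _match(ip, spec):
    addr, wild = spec
    care = ~wild & FULL          # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(acl, src, dst):
    """Return (action, entry number) of the first matching entry."""
    for n, (action, s, d) in enumerate(acl, 1):
        if _match(src, s) and _match(dst, d):
            return action, n
    return "deny", None          # implicit deny at the end of every ACL

# The two access-list 100 lines exactly as posted.
ACL_100 = [parse_ace(l) for l in (
    "access-list 100 permit ip 172.28.3.0 0.0.0.255 206.53.227.240 0.0.0.15",
    "access-list 100 deny ip any any",
)]

# Constructed sample packets (source, destination) built from the post's addresses.
SAMPLES = [
    ("172.28.3.10", "206.53.227.250"),   # inside host -> peer internal
    ("172.28.3.10", "206.53.227.24"),    # inside host -> peer public
    ("50.243.50.102", "206.53.227.24"),  # my public   -> peer public
    ("206.53.227.24", "50.243.50.102"),  # peer public -> my public (replies, IKE/ESP)
]

def run():
    return [evaluate(ACL_100, s, d) for s, d in SAMPLES]

if __name__ == "__main__":
    for (s, d), (action, n) in zip(SAMPLES, run()):
        print(f"{s:>15} -> {d:<15} {action} (entry {n})")
```

The wildcard 0.0.0.15 on 206.53.227.240 covers .240 through .255, so the peer internal address .250 matches the permit line while the peer public address .24 falls through to `deny ip any any` in both directions.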