When building the Crypto keyring, and isakmp policy, what IP do I use for the local address? Should it be the local interface IP that is natted to the public, or do I put the public IP that is natted on the firewall as a loopback on the router and use that? Been so long since I setup one like this behind an ASA I forgot how!
EX: Interface G0/0 ip 192.168.100.1 -> ASA NAT IP 66.266.267.268
Interface Tunnel1
source IP 192.168.100.1
crypto keyring blah
local-address 192.168.100.1
crypto isakmp profile blah
local-address 192.168.100.1
OR
Interface loopback1
ip add 66.266.267.268
Interface Tunnel1
source IP 66.266.267.268 (or loopback1)
crypto keyring blah
local-address 66.266.267.268
crypto isakmp profile blah
local-address 66.266.267.268