07-03-2019 02:14 PM - edited 02-21-2020 09:16 AM
Say the interesting traffic is ANY source on the ASA where you have IPSEC tunnels built. If I ping a destination IP which is deemed interesting traffic, what is a good way to confirm the traffic is taking the IPSEC tunnel?
07-03-2019 02:51 PM
07-03-2019 02:22 PM
If the default route interface is the tunnel, yes. If not, it depends on the source IP which path it will take for outbound traffic.
07-03-2019 02:29 PM
07-03-2019 02:39 PM
07-03-2019 02:45 PM
07-03-2019 02:47 PM
07-03-2019 02:51 PM
07-04-2019 12:29 AM
What I meant was: by default you are pointing your public-facing IP address towards the ISP; that way you are able to establish tunnels.
So if you ping from the device, it uses the public IP address, so it will go to the ISP.
If you have set up ACLs and they are part of the IPSEC tunnel interesting traffic, if you source them they use the tunnel.
First step: make sure your IPSEC tunnel is up and running and the other side also allows your IP range (no duplication of IP range; if there is any, you need to do double NAT).
You can check with the show crypto command for the traffic going via the tunnel.
It would be nice to provide more configuration from both sides, including show crypto information, to suggest the best.
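The counter check that the last reply points to can be scripted: capture `show crypto ipsec sa` before and after the ping and compare the encaps/decaps counters of the SA whose remote ident covers the destination. This is an added example, not part of the thread; it assumes `show crypto ipsec sa` is the show crypto command used, and the sample output, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

IDENT = re.compile(r"remote ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/")
PEER = re.compile(r"current_peer: ([\d.]+)")
COUNT = re.compile(r"#pkts (encaps|decaps): (\d+)")

def sample(enc, dec):
    """Constructed, trimmed `show crypto ipsec sa` output with two SAs."""
    return f"""interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.1
      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: {enc}, #pkts encrypt: {enc}, #pkts digest: {enc}
      #pkts decaps: {dec}, #pkts decrypt: {dec}, #pkts verify: {dec}
      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.3.3.0/255.255.255.0/0/0)
      current_peer: 198.51.100.9
      #pkts encaps: 7, #pkts encrypt: 7, #pkts digest: 7
      #pkts decaps: 7, #pkts decrypt: 7, #pkts verify: 7
"""

def parse_sas(text):
    """Map each remote-ident network to its peer and packet counters."""
    sas, cur = {}, None
    for line in text.splitlines():
        if m := IDENT.search(line):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}")
            cur = sas.setdefault(net, {"peer": None, "encaps": 0, "decaps": 0})
        elif cur is not None and (m := PEER.search(line)):
            cur["peer"] = m[1]
        elif cur is not None:
            for name, val in COUNT.findall(line):
                cur[name] = int(val)
    return sas

def tunnel_verdict(before, after, dest):
    """Return (peer, encaps_delta, decaps_delta) for the SA covering dest, else None."""
    b, a = parse_sas(before), parse_sas(after)
    ip = ipaddress.ip_address(dest)
    matches = [n for n in a if ip in n]
    if not matches:
        return None  # no SA covers the destination: traffic is not interesting
    net = max(matches, key=lambda n: n.prefixlen)  # most specific selector
    old = b.get(net, {"encaps": 0, "decaps": 0})
    return a[net]["peer"], a[net]["encaps"] - old["encaps"], a[net]["decaps"] - old["decaps"]

print(tunnel_verdict(sample(120, 118), sample(125, 123), "10.2.2.10"))
```

An encaps delta that matches the number of pings sent shows the packets were encrypted toward that peer; a decaps delta of zero alongside it means the replies are not coming back through the tunnel.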