I have a working DMVPN solution. I am trying to stand up a secondary DMVPN hub at our disaster recovery site. We are trying to deploy a Dual HUB Single DMVPN solution. The HUB2 DMVPN router has an INSIDE trusted interface and has an OUTSIDE UNTRUSTED interface. The inside is 10.248.11.X...the Untrust/public is 192.168.93.11 which is connected to our DMZ 3 on the ASA 5520...then I am trying to NAT the 192.168.93.11 to an outside public IP 199.248.30.X...just not working...have had 2 tickets open with Cisco this week and they still are unable to resolve. I am sure it is the ASA5520 that is not configured correctly but not sure what I am missing.
Thanks for any help...links...done it before...comments
So you need a static translation between DMZ and outside. You need an outside ACL on the ASA for udp/500, udp/4500 and IP protocol 50. You need an ACL on the DMZ for IP protocol 50.
I would take a packet capture on the ASA outside interface, filtering on the 3 ports / protocols above, to see if sites are calling in correctly. If you include the trace option in the capture command, you can then see with the show capture command how the ASA is processing the packets.
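
The steps in the reply above, written out as ASA configuration. This is an added example, not configuration from either poster. It assumes ASA software 8.3 or later (object NAT, with ACLs matching the real address), and the interface names `outside` and `dmz3`, the object, ACL and capture names are hypothetical.

```cisco
! Constructed example. Names below are placeholders, not from the original post.
! 199.248.30.X is the public address exactly as written in the question;
! substitute the actual address.

! 1. Static one-to-one translation for the HUB2 untrusted interface
object network HUB2-DMVPN
 host 192.168.93.11
 nat (dmz3,outside) static 199.248.30.X

! 2. Outside ACL: IKE, NAT-T and ESP from the spokes to the hub.
!    On 8.3+ the ACL references the real (pre-NAT) address.
!    Add these entries to the ACL already applied inbound on outside
!    (OUTSIDE-IN is a stand-in for that ACL's name).
access-list OUTSIDE-IN extended permit udp any host 192.168.93.11 eq isakmp
access-list OUTSIDE-IN extended permit udp any host 192.168.93.11 eq 4500
access-list OUTSIDE-IN extended permit esp any host 192.168.93.11

! 3. DMZ ACL: allow ESP (IP protocol 50) from the hub.
!    Add to the ACL already applied inbound on dmz3 (DMZ3-IN is a stand-in).
access-list DMZ3-IN extended permit esp host 192.168.93.11 any

! 4. Capture on the outside interface with trace, one match per protocol
capture DMVPN-CAP interface outside trace match udp any any eq isakmp
capture DMVPN-CAP interface outside trace match udp any any eq 4500
capture DMVPN-CAP interface outside trace match esp any any

! 5. List captured packets, then see how the ASA handled one of them
!    (NAT rule hit, ACL permit or drop)
show capture DMVPN-CAP
show capture DMVPN-CAP trace packet-number 1

! 6. Remove the capture when finished
no capture DMVPN-CAP
```

If the capture shows no packets at all, the spokes are not reaching the ASA; if packets appear but the trace ends in a drop, the trace output names the phase (ACL or NAT) that rejected them.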