ASA blocking IPsec to any outside end-point

rwiechman
Beginner

I have a routed firewall configuration that requires folks on Inside network to be able to use IPsec VPN which terminates both at the shared public interface and also other end points.

I can't seem to set the ASA to allow it. I've added a low security IPsec-passthrough-map which didn't help.

I am fine with globally allowing the use of IPsec from the internal network.

Any ideas would be appreciated.

Thanks,  Roger

1 Reply

vilaxmi
Cisco Employee

Hello,

Is your tunnel UP and you are just not able to pass traffic, or is your tunnel itself not coming UP? Try pasting show crypto isakmp sa and show crypto ipsec sa and also show run.

For exempting VPN traffic from the ACL check you can try:

sysopt connection permit-vpn global config command

HTH

Vijaya
