I have a routed firewall configuration that requires folks on the Inside network to be able to use
IPsec VPN which terminates both at the shared public interface and also at other endpoints.
I can't seem to set the ASA to allow it. I've added a low security IPsec-passthrough-map
which didn't help.
I am fine with globally allowing the use of IPsec from the internal network.
Any ideas would be appreciated.
Is your tunnel UP and you are just not able to pass traffic, or is your tunnel itself not coming UP? Try pasting show crypto isakmp sa and show crypto ipsec sa and also show run.
For exempting VPN traffic from the ACL check you can try:
sysopt connection permit-vpn global config command