Seems to me that the internal host is probably trying to connect to some remote host and the ASA receives a Type 3 Code 3 ICMP error message that tells that the remote host in unreachable or the destination port was not listening/replying to a connection attempt.
Does the output of "show run policy-map" show a "inspect icmp error" configuration under it? To my understanding it not enabled by default. Also "inspect icmp" is not enabled by default.
But as I said, to my understanding the message tells us that the ASA can not see a matching connection to which this ICMP Error message corresponds to. It might be because missing the "inspect icmp error". I am not really sure. The actual ICMP error message incoming seems to suggest that your internal host(s) are trying to connect to some remote host that is not accepting the connections or just is not listening on that port.
I am involved in rolling out about 40 wifi networks using cisco 3602/2802 aps and cisco 5508 ISE. Our network offers a 2 step authentication with user and machine certificates as well as users needing to be in correct AD groups. The problem we have i...
ASA Site-to-Site VPN using IKEV1 Configuration Example
Configure a Site-to-Site IPSec IKEv1 Tunnel Between an ASA and a Cisco IOS Router
Site-to-Site IKEv2 Tunnel between ASA and Router Configuration Examples
Site-to-Site VPN Tunnel wit...
Dear Community, So, according to the Cisco ISE Release 2.7 Administrator Guide, it should be possible to use a remote lock/wipe on MDM-devices that connect through ISE on the network( see the screenshot in the attachment).The problem is that th...
Hi, We currently have 2 Cisco 5525X ASA's in active/standby state. We have 750 concurrent Anyconnect licenses with the below licenses:AC-PLSM-5YR-500-S & AC-PLSM-5YR-250-S. (These are expiring soon) I have asked to get these renewed by our l...
Hi Everyone, Does anyone know if it is possible create a NAT for Cisco Anyconnect to a different IP so that the user doesn't have to use the External IP? We want to use a different dns name and assign to a different set group of users. Thank you...