I have a situation with an IPsec tunnel and I don't know what else I need to do. This is the situation:
I already configured a VPN tunnel between my Cisco ASA and a Fortigate 100D and everything is up (Phase 1 and Phase 2). This tunnel was created because we need to monitor 5 devices (a couple of switches and a call manager). The devices that we are already monitoring are the Switch Core (10.0.5.20) and the Call Manager (10.0.5.21) (the IPs are not the real ones, they are just for information), but we have problems trying to reach 3 switches that are on a different network (10.0.1.x).
When I send a ping from my server (172.26.5.80) to one of the devices, let's say 10.0.1.5, I see that the packet reaches the Cisco ASA and is sent through the tunnel, but on the Fortigate side they don't see anything; they only see the requests to the IPs 10.0.5.20 and .21.
If I execute the ping backwards, I mean from 10.0.1.5 to my server 172.26.5.80, it doesn't respond until I execute a ping from my server to the switch. It looks like it's waiting to see the communication open on the tunnel.
About the configuration on both sides we already checked and everything looks good.
I hope all of you understand what I tried to explain.
I think I found the issue: on the Fortinet side the admin was using "named address", something like object groups, and this can cause some issues in the VPN crypto map. I'm asking the admin to change the "named address" to the IP address. I will let you know how it goes.
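One way to check the symptom described above is to compare the Phase 2 traffic selectors of both peers for mirror-image pairs. This is an added example, not part of the original post or either device's configuration. The selector lists, the /24 masks and the missing 10.0.1.0/24 entry on the FortiGate side are constructed assumptions for illustration, not a confirmed cause.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (assumed, not read from the real devices).
# Each entry is (local network, remote network) as that peer defines it.
ASA_SELECTORS = [
    ("172.26.5.0/24", "10.0.5.20/32"),
    ("172.26.5.0/24", "10.0.5.21/32"),
    ("172.26.5.0/24", "10.0.1.0/24"),
]
FORTIGATE_SELECTORS = [
    ("10.0.5.20/32", "172.26.5.0/24"),
    ("10.0.5.21/32", "172.26.5.0/24"),
]

def parse(selectors):
    """Convert (local, remote) strings into ip_network pairs."""
    return [(ip_network(l), ip_network(r)) for l, r in selectors]

def unmirrored(side_a, side_b):
    """Return selectors on side_a that have no exact mirror image on side_b."""
    mirror = {(r, l) for l, r in parse(side_b)}
    return [(str(l), str(r)) for l, r in parse(side_a) if (l, r) not in mirror]

def flow_matches(selectors, src, dst):
    """True if a packet src -> dst leaving this peer falls inside one selector."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in l and d in r for l, r in parse(selectors))

def diagnose(src, dst):
    """Classify a flow sent from the ASA side toward the FortiGate side."""
    out_ok = flow_matches(ASA_SELECTORS, src, dst)
    # The far end must hold the mirror image: its local side is our destination.
    in_ok = flow_matches(FORTIGATE_SELECTORS, dst, src)
    if out_ok and in_ok:
        return "matched on both peers"
    if out_ok:
        return "selected by ASA, no matching selector on FortiGate"
    return "not interesting traffic on ASA"

if __name__ == "__main__":
    print("ASA selectors without a mirror:",
          unmirrored(ASA_SELECTORS, FORTIGATE_SELECTORS))
    for dst in ("10.0.5.20", "10.0.1.5"):
        print("172.26.5.80 ->", dst, ":", diagnose("172.26.5.80", dst))
```

Running the same comparison against the selectors each device actually reports shows whether the 10.0.1.x pair exists on both ends before any configuration is changed.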