I'm having an issue with a cloud provider that will not allow traffic to be initiated from their end on a certain SA. I did the debug 1(27) and see my ASA reaching out and them essentially timing out. I've read about this and even TAC confirmed what I was seeing, so the only fix is to initiate a ping from the box itself as I'm only allowing one specific host to this cloud, as it runs through a hub and spoke VPN. The box in question is a Linux box that I don't have access to, so if it were ever to stop then that SA would come down. I was thinking about doing an SLA from the far end ASA, but you can't do a specific source SLA on an ASA, correct? I realize I could open it up to the entire range, but was wondering if anyone had any thoughts on this?
I think, as per the requirement, you want the traffic to be initiated from the ASA outside interface for the tunnel to stay up. I think if you configure the SLA on the Outside interface, that should generate the necessary ICMP request to keep the tunnel UP, and you can change the destination to the VPN peer.
Right, but that's assuming I'm allowing all traffic from a certain segment. For example, if I'm only NAT'ing a specific host, say 10.13.20.5 to 10.5.0.0, then I would have to open up to all of 10.13.20.x/24, as I don't believe there is a way to set up an SLA to source from just 10.13.20.5, correct?