access-list 100 deny ip 192.168.168.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.168.0 0.0.0.255 any
Your Crypto ACL should be:
access-list 101 permit ip 192.168.168.0 0.0.0.255 192.168.0.0 0.0.255.255
So this is how it works: when an outbound packet hits the internal interface, it will check the routing table and will pick the default gateway route via your Internet link.
We have NAT outside enabled on that interface. It will then check if the NAT ACL passes. In your case, only the traffic from the local subnet to other places, excluding the Main office range, will be permitted for NAT, so if your packet is destined to the Internet it will then get NAT/PAT'ed out.
If the packet is destined to the main office, it will NOT get NAT'ed and will proceed and see the crypto map configured on the outside interface. It will check the Crypto ACL, which is a pass, and the packet will then get encrypted and be sent through the IPsec tunnel.
It is important to make sure that you have the mirrored Crypto ACL configured on the Main office side; otherwise you will run into issues.
Hope this helps. Let me know if you need more information on this.
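The decision order described in the answer above, modelled as an added example that is not part of the original post: it evaluates the two ACLs with first-match and implicit-deny semantics and derives the mirrored crypto ACL for the main office side. The function names, the `clear` label and the sample addresses are assumptions constructed for illustration; the model ignores routing and covers only `ip` entries with wildcard masks or `any`.

```python
import ipaddress

NAT_LINES = [  # ACL 100 from the post: exempt main-office traffic from NAT
    "access-list 100 deny ip 192.168.168.0 0.0.0.255 192.168.0.0 0.0.255.255",
    "access-list 100 permit ip 192.168.168.0 0.0.0.255 any",
]
CRYPTO_LINES = [  # ACL 101 from the post: traffic to encrypt
    "access-list 101 permit ip 192.168.168.0 0.0.0.255 192.168.0.0 0.0.255.255",
]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC WILD (DST WILD | any)'."""
    tokens = line.split()
    action, rest = tokens[2], tokens[4:]
    def take(tok):
        if tok[0] == "any":
            return (0, 0xFFFFFFFF), tok[1:]
        addr = int(ipaddress.IPv4Address(tok[0]))
        wild = int(ipaddress.IPv4Address(tok[1]))
        return (addr, wild), tok[2:]
    src, rest = take(rest)
    dst, _ = take(rest)
    return action, src, dst

def matches(spec, ip):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def acl_permits(acl, src, dst):
    for action, s, d in acl:  # first matching entry wins
        if matches(s, src) and matches(d, dst):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

NAT_ACL = [parse_ace(l) for l in NAT_LINES]
CRYPTO_ACL = [parse_ace(l) for l in CRYPTO_LINES]

def classify(src, dst):
    """Return 'nat', 'ipsec' or 'clear' (neither translated nor encrypted)."""
    if acl_permits(NAT_ACL, src, dst):
        return "nat"
    if acl_permits(CRYPTO_ACL, src, dst):
        return "ipsec"
    return "clear"

def mirror(line):
    """Swap source and destination pairs to get the peer-side crypto ACL."""
    t = line.split()
    return " ".join(t[:4] + t[6:8] + t[4:6])

if __name__ == "__main__":
    print(classify("192.168.168.10", "198.51.100.7"))  # constructed Internet host
    print(classify("192.168.168.10", "192.168.1.20"))  # constructed main-office host
    print(mirror(CRYPTO_LINES[0]))
```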