The VPN tunnel is established. The show crypto ipsec sa command displays decrypts, but not encrypts.
The IP address local pool is configured as part of the internal or Demilitarized Zone (DMZ) subnet. This does not work because the PIX sees the destination address as belonging to the internal or DMZ network and never receives the return traffic, as shown:
ip address inside 10.1.1.1 255.255.255.0
ip local pool vpnclient 10.1.1.200-10.1.1.254
This example does not function properly because the VPN Client pool overlaps the internal IP address range. The results are unpredictable, and the Client may disconnect randomly. Even if you do not use any of the addresses from .200 to .254, the configuration does not work. The PIX treats this entire subnet as located on the inside network, and it does not perform proxy Address Resolution Protocol (ARP) for these addresses.
To resolve this issue, re-address the VPN Client pool with a range that does not overlap any IP address range currently used in your network.