These could be among the reasons for this behavior:
An incorrect peer IP address defined in the crypto-map.
The same crypto access list might be bound to both crypto-map entries on the Adaptive Security Appliance (ASA). As a result, the second crypto-map entry is never hit, because traffic meant for the second peer matches the crypto access list bound to the first crypto-map entry.
To resolve this issue, verify that:
The peer IP is correct.
The access lists bound to the separate crypto-map entries are different, so that the relevant access list is hit, as shown:
access-list vpn1 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list vpn2 permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map IPsec_map 10 match address vpn1
crypto map IPsec_map 10 set peer 220.127.116.11
crypto map IPsec_map 10 set transform-set myset
crypto map IPsec_map 11 match address vpn2
crypto map IPsec_map 11 set peer 18.104.22.168
crypto map IPsec_map 11 set transform-set myset
crypto map IPsec_map interface outside
At this point, you should be able to pass traffic.
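The check described above can be run offline against a saved configuration. The following is an added example, not Cisco's code: the function names are hypothetical, and it assumes access lists written in the `permit ip <net> <mask> <net> <mask>` form used on this page. It goes slightly beyond the identical-ACL case and also flags a later entry whose access list is fully covered by a broader one on an earlier sequence number.

```python
import ipaddress

# Constructed sample input: the page's configuration, plus a broken variant
# in which entry 11 reuses the access list bound to entry 10.
GOOD = """\
access-list vpn1 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list vpn2 permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map IPsec_map 10 match address vpn1
crypto map IPsec_map 10 set peer 220.127.116.11
crypto map IPsec_map 11 match address vpn2
crypto map IPsec_map 11 set peer 18.104.22.168
crypto map IPsec_map interface outside
"""
BAD = GOOD.replace("11 match address vpn2", "11 match address vpn1")

def parse(config):
    """Return ACL name -> [(src, dst)] and (map, seq) -> {acl, peer}."""
    acls, entries = {}, {}
    for line in config.splitlines():
        t = line.split()
        if len(t) == 8 and t[0] == "access-list" and t[2:4] == ["permit", "ip"]:
            pair = (ipaddress.ip_network(f"{t[4]}/{t[5]}"),
                    ipaddress.ip_network(f"{t[6]}/{t[7]}"))
            acls.setdefault(t[1], []).append(pair)
        elif len(t) == 7 and t[:2] == ["crypto", "map"] and t[3].isdigit():
            entry = entries.setdefault((t[2], int(t[3])), {})
            if t[4:6] == ["match", "address"]:
                entry["acl"] = t[6]
            elif t[4:6] == ["set", "peer"]:
                entry["peer"] = t[6]
    return acls, entries

def covered(later, earlier):
    """True if any later ACL line falls entirely inside an earlier ACL line."""
    return any(ls.subnet_of(es) and ld.subnet_of(ed)
               for ls, ld in later for es, ed in earlier)

def shadowed_entries(config):
    """List (map, seq, shadowing_seq, peer) for entries that can never match."""
    acls, entries = parse(config)
    findings = []
    for name, seq in sorted(entries):
        for prev_name, prev_seq in sorted(entries):
            if prev_name != name or prev_seq >= seq:
                continue  # only lower sequence numbers are evaluated first
            later = acls.get(entries[(name, seq)].get("acl"), [])
            earlier = acls.get(entries[(prev_name, prev_seq)].get("acl"), [])
            if covered(later, earlier):
                findings.append((name, seq, prev_seq, entries[(name, seq)].get("peer")))
    return findings
```

An empty result for the running configuration means no crypto-map entry is shadowed by an earlier one; each tuple returned names the entry and peer whose traffic is being captured by the lower sequence number.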