The configuration had no nat (inside) 0 command pointing to an Access Control List (ACL) that exempts traffic from the internal subnets to the VPN pool from Network Address Translation (NAT). Without that exemption, the return traffic toward the VPN clients was translated, and the connection failed.
Create an ACL that permits traffic from the internal subnet to the VPN pool, then reference that ACL with the nat (inside) 0 command (NAT exemption). Any line in the nonat ACL is a subnet that will bypass the dynamic NAT rules, so keep it limited to the address pairs that actually need it.
A partial sample configuration follows (the last line is the NAT exemption that was missing):
ip address inside 10.1.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
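To catch this misconfiguration before users report a broken tunnel, the following added example (not part of the original post) checks a PIX/ASA-style configuration for the NAT exemption described above: it finds the VPN pool, looks for a nat (inside) 0 access-list command, and verifies that the referenced ACL covers the internal subnet to every prefix of the pool. The sample configurations embedded in it are constructed for illustration; the function names and the inside-subnet argument are this example's own assumptions.

```python
import ipaddress
import re

# Constructed sample configurations (not from the original post).
# BROKEN_CONFIG has a nonat ACL but never references it with nat (inside) 0,
# so the dynamic NAT rule (nat id 1) still applies to traffic toward the pool.
BROKEN_CONFIG = """\
ip address inside 10.1.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""

# FIXED_CONFIG adds the exemption so the nonat ACL is actually used.
FIXED_CONFIG = BROKEN_CONFIG + "nat (inside) 0 access-list nonat\n"

# WRONG_ACL_CONFIG references an ACL that exempts the wrong destination.
WRONG_ACL_CONFIG = """\
ip address inside 10.1.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""


def parse_pool(config):
    """Return the 'ip local pool' range as a list of ip_network prefixes, or None."""
    m = re.search(r"^ip local pool \S+ (\S+)-(\S+)", config, re.M)
    if not m:
        return None
    start = ipaddress.ip_address(m.group(1))
    end = ipaddress.ip_address(m.group(2))
    return list(ipaddress.summarize_address_range(start, end))


def parse_acl(config, name):
    """Return (src_net, dst_net) pairs from 'permit ip' lines of the named ACL.

    Only the subnet/mask form used in the post is parsed; 'host' and 'any'
    keywords are out of scope for this check.
    """
    pat = re.compile(
        rf"^access-list {re.escape(name)} permit ip (\S+) (\S+) (\S+) (\S+)", re.M
    )
    entries = []
    for src, smask, dst, dmask in pat.findall(config):
        entries.append(
            (
                ipaddress.ip_network(f"{src}/{smask}", strict=False),
                ipaddress.ip_network(f"{dst}/{dmask}", strict=False),
            )
        )
    return entries


def nat_exempt_acl(config, iface="inside"):
    """Return the ACL name referenced by 'nat (<iface>) 0 access-list', or None."""
    m = re.search(rf"^nat \({re.escape(iface)}\) 0 access-list (\S+)", config, re.M)
    return m.group(1) if m else None


def check_vpn_nat_exemption(config, inside_net, iface="inside"):
    """Return a list of findings; an empty list means inside -> pool is NAT-exempt."""
    inside = ipaddress.ip_network(inside_net)
    findings = []
    pool = parse_pool(config)
    if not pool:
        findings.append("no 'ip local pool' found; cannot determine the VPN pool")
        return findings
    acl = nat_exempt_acl(config, iface)
    if acl is None:
        findings.append(
            f"no 'nat ({iface}) 0 access-list' command: "
            "return traffic to the VPN pool will be translated"
        )
        return findings
    entries = parse_acl(config, acl)
    # Every prefix that makes up the pool range must be matched by some ACL line
    # whose source covers the internal subnet and whose destination covers the prefix.
    for pool_net in pool:
        if not any(inside.subnet_of(s) and pool_net.subnet_of(d) for s, d in entries):
            findings.append(f"ACL {acl} does not exempt {inside} -> {pool_net}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG),
                       ("wrong-acl", WRONG_ACL_CONFIG)):
        print(label, check_vpn_nat_exemption(cfg, "10.1.1.0/24") or "OK")
```

Run it against a saved `show running-config`; an empty result for the inside subnet means the pool is exempted. The check is deliberately strict about the pool boundary: because `ip local pool` is a range rather than a prefix, it is split into the prefixes that cover it and each one must be matched by the ACL.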