The VPN tunnel can fail to come up on the router if traffic hits the deny ip any any statement before the permit statements in the access-group bound to the outside interface.
Once the traffic reaches the outside interface of the router, the router checks it against the access-group. If the deny statement comes before the permit statements, the router drops the packet even if a later permit statement allows the interesting traffic.
In order to resolve this issue, make sure that permit statements come before the deny ip any any statement in the access-group bound to the outside interface.
Here are a few other common reasons:
The wrong IP address is configured in the pre-shared key or crypto map.
The crypto map is not bound to the outside interface.
There are mismatched access control lists on the peers.
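A check for the ACL ordering problem described above, as an added example that is not part of the original page: it scans an IOS-style configuration and reports every permit entry that follows a `deny ip any any` in the same ACL, where it can never match. The ACL names, addresses and sample configuration are constructed, and the script assumes entries appear in the order the router evaluates them (as in the running configuration).

```python
import re

# Constructed sample config; ACL names and addresses are placeholders.
SAMPLE_CONFIG = """\
ip access-list extended OUTSIDE_IN
 deny ip any any
 permit esp host 192.0.2.1 host 198.51.100.1
 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
ip access-list extended OUTSIDE_FIXED
 permit esp host 192.0.2.1 host 198.51.100.1
 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
 deny ip any any
access-list 101 deny ip any any
access-list 101 permit esp host 192.0.2.1 host 198.51.100.1
"""

NAMED = re.compile(r"^ip access-list extended (\S+)$")
NUMBERED = re.compile(r"^access-list (\d+) (.+)$")
ENTRY = re.compile(r"^(?:\d+\s+)?(permit|deny)\b(.*)$")

def parse_acls(config):
    """Return {acl_name: [(action, rest), ...]} in configured order."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := NAMED.match(line):
            current = m.group(1)          # entering a named ACL block
        elif m := NUMBERED.match(line):
            current = None                # numbered ACLs are one entry per line
            if e := ENTRY.match(m.group(2)):
                acls.setdefault(m.group(1), []).append((e.group(1), e.group(2).strip()))
        elif current and raw.startswith(" "):
            if e := ENTRY.match(line):    # skips remarks and other sub-commands
                acls.setdefault(current, []).append((e.group(1), e.group(2).strip()))
        else:
            current = None                # any other top-level line ends the block
    return acls

def shadowed_permits(config):
    """Return {acl_name: [permit entries that follow a 'deny ip any any']}."""
    findings = {}
    for name, entries in parse_acls(config).items():
        seen_deny = False
        for action, rest in entries:
            if action == "deny" and rest.split()[:3] == ["ip", "any", "any"]:
                seen_deny = True          # first match wins: later entries are dead
            elif action == "permit" and seen_deny:
                findings.setdefault(name, []).append(f"permit {rest}")
    return findings
```

An empty result from `shadowed_permits` means no permit entry sits behind a `deny ip any any`; it does not confirm that the ACL is the one bound to the outside interface.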