About Stefan Menning

Stefan Menning · 05-27-2015

Hello everybody, we are running a Cat6500 VSS (IOS 15.1SY) and would like to configure IPSec protected Virtual Tunnel Interfaces (VTI). But in Tunnel Interface config mode I have no "tunnel mode ipsec" or "tunnel protection" commands available. Also ...

Stefan Menning · 01-16-2025

Hello everybody,this thread is a little bit old, but we read it and now found a solution for the problems. And really the solutions are both already in here. It seems Cisco is using USB chips from two different vendors, an for each you need a differe...

Stefan Menning · 10-16-2015

Hi,adding to the answer of Ganesh, you should also use: same-security-traffic permit intra-interface on the ASA in global config mode. This enables the asa to send traffic out off the same interface that it was received on. Default asa behavior is to...

Stefan Menning · 06-11-2015

All traffic matching access-list vpn-nat-to-partner will be NATed to 192.168.86.0-pool.So yes, 192.168.7.11 will be NATed (but only) when it connets to IPs in the 10.10.86.0-net.If you wish to exclude clients from this policy NAT, you will need a dif...

Stefan Menning · 06-11-2015

Ups, yes you are right - I was expecting ASA OS 8.3 or later. then you need to use policy nat access-list vpn-nat-to-partner permit ip object-group INT_INTERNAL 10.10.86.0 255.255.255.0global (outside) <num> 192.168.86.0 netmask 255.255.255.0nat (in...

Stefan Menning · 06-11-2015

I seems like you are missing a space between "nat" and "(inside,outside)", the rest of the command looks good.

Member Since	‎10-27-2010 06:44 AM
Date Last Visited	‎05-09-2025 02:31 AM
Posts	12
Total Helpful Votes Received	3

User Statistics

User Activity

IPSec VTI on VSS

Re: 9200CX Console port - USB MICRO

Hi,adding to the answer of

All traffic matching access

Ups, yes you are right - I

I seems like you are missing