About Stefan Menning

Stefan Menning · 05-27-2015

Hello everybody, we are running a Cat6500 VSS (IOS 15.1SY) and would like to configure IPSec protected Virtual Tunnel Interfaces (VTI). But in Tunnel Interface config mode I have no "tunnel mode ipsec" or "tunnel protection" commands available. Also ...

Stefan Menning · 10-16-2015

Hi,adding to the answer of Ganesh, you should also use: same-security-traffic permit intra-interface on the ASA in global config mode. This enables the asa to send traffic out off the same interface that it was received on. Default asa behavior is to...

Stefan Menning · 06-11-2015

All traffic matching access-list vpn-nat-to-partner will be NATed to 192.168.86.0-pool.So yes, 192.168.7.11 will be NATed (but only) when it connets to IPs in the 10.10.86.0-net.If you wish to exclude clients from this policy NAT, you will need a dif...

Stefan Menning · 06-11-2015

Ups, yes you are right - I was expecting ASA OS 8.3 or later. then you need to use policy nat access-list vpn-nat-to-partner permit ip object-group INT_INTERNAL 10.10.86.0 255.255.255.0global (outside) <num> 192.168.86.0 netmask 255.255.255.0nat (in...

Stefan Menning · 06-11-2015

I seems like you are missing a space between "nat" and "(inside,outside)", the rest of the command looks good.

Stefan Menning · 06-03-2015

I am not sure, if I understand you correctly. The remote (partner) network is 10.10.86.0/24. The partner only allows access from your networks:-192.168.7.0/24-192.168.50.0/24-192.168.86.0/24Now you want to access from all your private 192.168.0.0/17 ...

Member Since	‎10-27-2010 06:44 AM
Date Last Visited	‎02-23-2024 12:04 AM
Posts	11

User Statistics

User Activity

IPSec VTI on VSS

Hi,adding to the answer of

All traffic matching access

Ups, yes you are right - I

I seems like you are missing

I am not sure, if I