Hey Folks,
So I have a bit of an odd issue with an ASA trying to reach Link Local addresses (Two switch IPs and HSRP address).
Pings to/from the firewall using the global IP are working, however pings to the LL IP are not.
When I ping the HSRP IP from...
You are quite right in that VPN filters do work both ways, but in my experience they can become very messy when doing this; for example, you end up with lots of rules like this:
FW1---access-list VPN-FILTER extended permit tcp host 10.10.10.10 host 19...
Well there's plenty of people around to help you make sense of them
The 5505 is different to the rest of the ASA family in that it also has a built-in switch. Typically in my experience you would configure SVIs on the firewall rather than on the sw...
It's worth noting that you don't HAVE to use subinterfaces - if your switch ports are in access mode then you will only set the VLAN on the switch.
If however you are using an 802.1q trunked interface (with a switch that can do this) and you want to ca...
Just for the sake of completion, there are actually 2 ways you can achieve this.
As you have noted; unless you disable the sysopt connection permit-vpn setting, ALL traffic which matches the crypto ACL for that peer is allowed over the VPN by default...
Are the ports actually listening on the server?
If it's actually specifying CLOSED, then this could suggest you got an actual response such as a TCP reset.
FILTERED would be different
What happens when you try to telnet to the public IP on these port...