Have a look at :-http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_overview.htmlbut I would suggest creating a new thread so that it has more visibility.
Great news, vinovinom.The debug crypto isakmp 255 and debug crypto IPsec 255 commands can help determining phase 1 and phase 2 problems. There can be a lot of output in the debugs, but a good root around usually helps diagnosing the issue.Glad I cou...
I would check the following, it might give you an insightsh asp drophttp://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/s2.html#wp1391007sh service-policy globalhttp://www.cisco.com/c/en/us/td/docs/security/asa/asa81/com...
The ASA won't block any cypher suite unless its specifically configured to terminate the TLS/SSL session,.At a guess its probably being directed to a server that does not support that cipher suite.