Hi there, I currently have the following setup:
|MAIN SITE (vASA) | -------IPSEC Tunnel------> | SITE A (Fortigate)|
All my users VPN to 'MAIN SITE' using AnyConnect and all their traffic traverses the IPSEC tunnel and out of SITE A. This is achi...
Hi there
I would like to know if it's possible to configure Cisco AnyConnect to do basic posture checking (software, AV, definitions, etc.) without the use of Cisco ISE?
Can something be configured on the ASA or in the XML profile?
Kind Regards
...
Hi Rick
I have attached a quick diagram to help illustrate my scenario.
All VPN clients connect to 'DMZData' interface
default static route is on 'DMZData' interface
VPN traffic connects to Site A using cryptomaps
Interesting traffic has remote traff...
Hi Rick
@Richard Burts wrote: So let me try again. In the crypto map you would have something like set peer <IP_siteA> <IP_siteB>
Thank you very much for your help, it is greatly appreciated.
Understood now, yeah unfortunately it looks like IKEv2 ...
Hi Rick, thank you for the clarification. Unfortunately, my site B has a different IP address to site A. In my testing I have noticed that the cryptomap priority will always kick in and therefore my crypto map will continue to try and peer with site A ...
Hi Rick
Many thanks for your response, this is hugely helpful.
(especially important is that it uses the same peer address as site A.
Please can you clarify what you mean by peer address? Are you referring to the vASA IP address?
So from wha...