Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Good day. We have cisco 3825 router terminating l2l ipsec vpn from about 20 remote sites. Sometimes (once - twice a week) the tunnel with random site goes down and cannot be reestablished. The strange thing is that i can't see any traces of activity ...
Good day .Im capapble to connect my remote asa5505 with local asa 5510 , using certificates . However when im trying to connect remote asa 5505 with local 3825 router (enrolled with the same ca server as 5510) im geting "Unable to compare IKE ID agai...
Good day everybody.We have several vpn tunnel connecting head office with branches using ASA 5500 devices . The tunnels work fine , but recently i see the subject error messages from both end devices of one tunnel. Tunnel itself is still operational ...
Good evening everybody . I have some strange problem with PBR setup on 3825 . Here is the part of the config :interface GigabitEthernet0/0.X encapsulation dot1Q X ip address x.x.x.x ip flow ingress ip flow egress ip nat inside ip virtual-reassembly z...
Good day .Our topology is : ----1841----ISP1 |ASA5510--- | ----1841----ISP2We use EIGRP for routes redistribution.Both 1841 has static nat rules for our inside services. When outside client is trying to connect to on...
Hello, Giuseppe.Actually i can see my next-hop mac adresses in arp table after reload , so i guess there is something else .EDIT:Actually my mistake , this really was the arp problem . Thanks for help.Thanks in advance. Dmitriy.
Seems like routing to me as well . Is there a way to configure asa route incoming sessions back to the router they were orginated from (topology with 2 ISP)?
hmm , dont think its exactly our case . Basicly we have 2 different outside adress pools , translation from each of them leads to one inside host , but it seems that ASA routes all outgoing nat translations only over one pool . __________________--18...
It will take some time to clear configs . The thing is that we actually can ping remote network from any local host or server (included in crypto map ofc). Basicly the only problem we encountered is when the asa itself is trying to contact remote hos...
