Hello,we have an l2l-ipsec tunnel between an ASA5520 and an ASA5505.Both devices have configured: crypto ipsec df-bit clear-df outsideWhen I copy files over the tunnel to a file server (CIFS),the windows client sometimes stops with an error me...
We have a L2L tunnel between our main site an a branch office.All traffic from the branch office is sent through the tunnel usingan access list with "any" as destination: access-list tunnel-acl extended permit ip 10.0.1.0 255.255.255.0 any ... crypt...
Hi Magnus,our ASA is located behind an access router. The transfer network between the routerand the ASA uses private IP addresses. The access router routes a network of publicip addresses to our ASA.I want to assign a public IP address to the ASA an...
> You can try a deny line as the first line in the ACL - though we typically don't recommend this. cool, I will try it. I guess that the deny rule is only needed at the branch asa.We have to keep the "any"-rule because also the internet trafficshou...
The tunnel end points are two ASA5510.For remote-access tunnels one can define alist of networks to be excluded for split-tunneling.I wonder how this can be realized for l2l tunnels?
Nice idea. But I'll follow your comment to better use a public IP address on the outside interface.Regrettably there seems to be no solution, to use an alternative or virtual ip addressfor the vpn tunnel endpoint.Thanks for all answers.Regards,Mark
