Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2410
Views
0
Helpful
2
Replies

ASA 9.1 Packet Flow Query

Mohammed Ashraf Ali
Level 1
Level 1

‎02-15-2016 07:06 AM

Hi All,

I have Cisco ASA firewall running 9.1 ios, with IPSec tunnel terminated on Outside interface which is up, the interesting traffic from other side peer is sourced with 192.168.10.2 to destination 172.16.10.2,  And the ip 172.16.10.2 is Static NAT with 10.10.10.2 (Outside to Inside interfaces) at my End.

So Can some body Please explain me below points in this scenario.

1. what is Order of operation or Packet Flow for ASA 9.1 on outside interface with IPSec tunnel terminated on it.

2. Should my Access list on outside interface be with source 192.168.10.2 to Destination 10.10.10.2 ? , if i want to apply a filter.

Thanks in Advance.

 Ali.

Labels:
0 Helpful
2 Replies 2

jj27
Spotlight
Spotlight

‎02-15-2016 08:47 AM

Your ACL should reference the real private IP address as the destination because NAT is processed before ACLs.  

0 Helpful

Mohammed Ashraf Ali
Level 1
Level 1
In response to jj27

‎02-15-2016 10:01 AM

Thanks ,

could you brief me with packet flow list for 9.1 ios on outside interface with IPsec.

0 Helpful
Customers Also Viewed These Support Documents