I tried to configure a Site-to-Site VPN using an ASA 5520. The remote peer (Draytec 2950) has an internet connection using dynamic ip addresses. At my ASA I did create an connection profile. If I set the current wan-ip-address of the remote peer the tunnel will become active and the site-to-site vpn is working fine. But if I disable 'Peer IP Address = static' at the connection profile, the vpn will not work...
Aug 1 09:24:15 ASA-5520 :%ASA-vpn-4-713903: IP = <current-wan-ip-of-remote-peer>, Header invalid, missing SA payload! (next payload = 4)
Aug 1 09:25:00 ASA-5520 :%ASA-vpn-4-713903: Group = <current-wan-ip-of-remote-peer>, IP = <current-wan-ip-of-remote-peer>, Can't find a valid tunnel group, aborting...!
Hi All, A customer wants to authenticate Anyconnect VPN users from an ASA using the client installed certificate and then with AD. i.e. Is this a corporate device?Would we recommend authenticating the cert on the ASA then passing the AD check to ISE ...
Hello Team, we are getting alert in FMC stating policy deployment failed, we are running on 6.2.0 version and not sure which version is stable version to re mediate this issue, in one event i have seen restart will resolve this issue but is it perman...
Threat Hunting 101
In the latest Cisco Cybersecurity report, we explore all there is to know about threat hunting and provide a how-to guide for creating a threat hunting team.
Here are some of th...
What Is Cisco Identity Services Engine?
Cisco Identity Services Engine (ISE) is an all-in-one enterprise policy control product that enables comprehensive secure wired, wireless, and Virtual Private Networking (VPN) access.
Cisco ISE offers...
To participate in this event, please use the button to ask your questions
(This event was formerly know as Ask the Expert event)
This topic is a chance to discuss more about the best configuration and troubleshooting pr...