We have a Cisco ASA 5520 running the ASA 8.25(x) software and we are trying to build an IPSec VPN tunnel to a site that uses a Cisco 7206. We can build PHASE 1 just fine, but we are getting errors on PHASE 2. The problem seems to be that the outside interface on the ASA has a non-routable IP that gets NAT'ed to a routable IP through a Juniper firewall. The Cisco 7206 sees the physical IP of the ASA, which is not the same as the peer IP, and fails to build PHASE 2.
Now, we have over 120 IPSec VPN tunnels on our ASA and it works fine. We have had this similar issue come up before (mostly with SonicWalls), and we normally get the client side to enter our ASA physical outside interface IP in their peer ID validation field, which normally fixes the problem. Unfortunately, I don't have control on the Cisco 7206 side, nor do I have access to the logs, but the site assures me that they are seeing my physical interface IP instead of the routable outside IP when the tunnel tries to build.
Does anyone know if the Cisco 7206 has the ability to enter the peer ID and what the command would be? The administrators of the 7206 also have some existing VPN tunnels that are working but they have never encountered this particular issue and are unfamiliar with this problem.