Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1028
Views
0
Helpful
1
Replies

Spoke (remote-vpn) to spoke (l2l-vpn) though hub ASA: ipsec-spoof

Jaaazman777
Level 1
Level 1

‎06-22-2012 01:52 AM - last edited on ‎02-21-2020 11:52 PM by Community Manager

Hello!

We have one remote client and one remote office.

Client use remote vpn to connect to central ASA (remote net 192.168.10.0/24)

remote office uses l2l IPsec to connect to the same ASA inteface. (l2l remote net 10.2.2.0/24)

We try to connect this remote vpn client to l2l remote site with no luck

- crypto-acl from both sides are ok

- nat0 is ok

- we also have command same-security-traffic permit intra-interface, which permits communication between peers connected to the same interface

from packet-tracer input outside icmp 192.168.10.1 0 0 10.2.2.1 detail we see

Action: drop

Drop-reason: (ipsec-spoof) IPSEC Spoof detected

How can we solve this problem?

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎06-22-2012 04:21 AM

Do you mind sharing your config, thx.

0 Helpful
Customers Also Viewed These Support Documents