
Spoke (remote-vpn) to spoke (l2l-vpn) through hub ASA: ipsec-spoof

Hello!

We have one remote client and one remote office.

The client uses remote VPN to connect to the central ASA (remote net 192.168.10.0/24).

The remote office uses L2L IPsec to connect to the same ASA interface (L2L remote net 10.2.2.0/24).

We are trying to connect this remote VPN client to the L2L remote site, with no luck.

- crypto-acl from both sides are ok

- nat0 is ok

- we also have the command same-security-traffic permit intra-interface, which permits communication between peers connected to the same interface

From packet-tracer input outside icmp 192.168.10.1 0 0 10.2.2.1 detail we see:

Action: drop

Drop-reason: (ipsec-spoof) IPSEC Spoof detected

How can we solve this problem?

1 REPLY 1
Cisco Employee


Do you mind sharing your config, thx.
