
Allowing traffic in from Azure to ASA 5545X

KCMM14457
Level 1

Hello,

 

We have the tunnel up from our ASA to Azure. They are saying we are missing a rule to allow traffic from their subnet (10.10.10.0/24) into our network. What rule would I have to create to allow this to work?

 

Thank you,

1 Reply

Cristian Matei
VIP Alumni

Hi,

 

Have you configured a policy-based (crypto map) or route-based (VTI) VPN?

1. For crypto map, ensure that in the crypto ACL (the one referenced in your crypto map) you have several entries to match on the traffic from your internal network to Azure; for VTI, ensure all traffic to be secured is routed over the VTI.

2. Ensure this traffic is exempted from NAT.

3. Ensure that if you applied a VPN filter at the group-policy level, it allows the traffic.

4. Do you have any ACLs applied globally or at the interface level? What is the output of "show run all sysopt"?

 

Policy-based Guide and Route-Based Guide

 

Regards,

Cristian Matei.
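
The four checks from the reply above, laid out as one policy-based ASA configuration. This is an added example, not configuration from the original posters: the local subnet 192.168.1.0/24, the peer address 203.0.113.10, the interface names `inside`/`outside` and every object, ACL and group-policy name are assumptions; only 10.10.10.0/24 comes from the thread.

```cisco
! Assumed values: LOCAL-LAN 192.168.1.0/24, Azure peer 203.0.113.10,
! interfaces "inside"/"outside", and all object/ACL/policy names.
object network LOCAL-LAN
 subnet 192.168.1.0 255.255.255.0
object network AZURE-VNET
 subnet 10.10.10.0 255.255.255.0
!
! 1. Crypto ACL (policy-based only): written local -> remote. It must be
!    the ACL named in the crypto map's "match address" line and must
!    mirror the address spaces defined on the Azure side.
access-list AZURE-CRYPTO extended permit ip object LOCAL-LAN object AZURE-VNET
!
! 2. NAT exemption: identity NAT for this pair so it is not caught by
!    the dynamic PAT rule used for Internet-bound traffic.
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static AZURE-VNET AZURE-VNET no-proxy-arp route-lookup
!
! 3. VPN filter: the ACL is always written remote network first, local
!    network second, whichever side opens the connection. Narrow
!    "permit ip" to the protocols and ports Azure actually needs.
access-list AZURE-FILTER extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
group-policy AZURE-GP internal
group-policy AZURE-GP attributes
 vpn-filter value AZURE-FILTER
tunnel-group 203.0.113.10 general-attributes
 default-group-policy AZURE-GP
!
! 4. Interface ACL bypass: with this setting (the default) decrypted
!    tunnel traffic skips the interface ACLs, so the VPN filter is the
!    only place it is restricted.
sysopt connection permit-vpn
!
! If "show run all sysopt" reports "no sysopt connection permit-vpn",
! the ACL on the tunnel-terminating interface must permit the subnet:
!   access-list OUTSIDE-IN extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
!   access-group OUTSIDE-IN in interface outside
```

For a route-based (VTI) tunnel, item 1 is replaced by a route for 10.10.10.0/24 pointing at the tunnel interface; items 2 to 4 apply unchanged.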
