We have the tunnel up from our ASA to Azure. They are saying we are missing a rule to allow traffic from their subnet (10.10.10.0/24) into our network. What rule would I have to create to allow this to work?
Have you configured a policy-based (crypto map) or routing-based (VTI) VPN?
1. For crypto-map, ensure that in the crypto ACL (the one referenced in your crypto map) you have several entries to match on the traffic from your internal network to Azure. For VTI, ensure all traffic to be secured is routed over the VTI.
2. Ensure this traffic is exempted from NAT
3. Ensure that if you applied a VPN filter at the group-policy level, it allows traffic
4. Do you have any ACLs applied globally or at the interface level? What is the output of "show run all sysopt"?
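
The four checks in the answer above, as an added ASA configuration example for the policy-based (crypto map) case; it is not part of the original thread. Only 10.10.10.0/24 comes from the question: the local subnet 192.168.1.0/24 is a placeholder, and the object, ACL, crypto map, group-policy and interface names are hypothetical.

```cisco
! Constructed example. 192.168.1.0/24 stands in for the local subnet;
! all names (LOCAL-NET, AZURE-NET, AZURE-CRYPTO, ...) are hypothetical.
object network LOCAL-NET
 subnet 192.168.1.0 255.255.255.0
object network AZURE-NET
 subnet 10.10.10.0 255.255.255.0
!
! 1. Crypto ACL referenced by the crypto map: local -> Azure.
!    Return traffic from 10.10.10.0/24 is matched by the mirror of this entry.
access-list AZURE-CRYPTO extended permit ip object LOCAL-NET object AZURE-NET
crypto map OUTSIDE-MAP 10 match address AZURE-CRYPTO
!
! 2. NAT exemption (identity NAT) so tunnel traffic is not translated.
!    It must sit above any dynamic PAT rule that would otherwise match.
nat (inside,outside) source static LOCAL-NET LOCAL-NET destination static AZURE-NET AZURE-NET no-proxy-arp route-lookup
!
! 3. VPN filter, only if one is applied at the group-policy level.
!    A vpn-filter ACL lists the remote network as source, the local as destination.
access-list AZURE-FILTER extended permit ip object AZURE-NET object LOCAL-NET
group-policy AZURE-GP attributes
 vpn-filter value AZURE-FILTER
!
! 4. With this default present, decrypted VPN traffic bypasses interface ACLs.
sysopt connection permit-vpn
!    If "show run all sysopt" shows "no sysopt connection permit-vpn" instead,
!    the ACL on the outside interface has to permit the Azure subnet explicitly:
access-list OUTSIDE-IN extended permit ip object AZURE-NET object LOCAL-NET
access-group OUTSIDE-IN in interface outside
```

In most deployments the explicit interface rule in step 4 is needed only when the bypass has been disabled; narrowing it to the required ports rather than `ip` keeps the Azure side to least privilege.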