
Allowing traffic in from Azure to ASA 5545X

Hello,

 

We have the tunnel up from our ASA to Azure. They are saying we are missing a rule to allow traffic from their subnet (10.10.10.0/24) into our network. What rule would I have to create to allow this to work?

 

Thank you,


Re: Allowing traffic in from Azure to ASA 5545X

Hi,

 

Have you configured a policy-based (crypto map) or routing-based (VTI) VPN?

1. For crypto map, ensure that in the crypto ACL (the one referenced in your crypto map) you have several entries to match on the traffic from your internal network to Azure. For VTI, ensure all traffic to be secured is routed over the VTI.

2. Ensure this traffic is exempted from NAT.

3. Ensure that if you applied a VPN filter at the group-policy level, it allows traffic.

4. Do you have any ACLs applied globally or at the interface level? What is the output of "show run all sysopt"?

 

Policy-based Guide and Route-Based Guide

 

Regards,

Cristian Matei.
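
The four checks from the reply, written out as ASA configuration for a policy-based (crypto map) tunnel. This is an added example, not part of the original thread. Only the Azure subnet 10.10.10.0/24 comes from the question; the on-premises subnet 192.168.1.0/24, the peer address 203.0.113.10, the interface names `inside`/`outside`, and all object, ACL, crypto map and group-policy names are assumptions to replace with your own.

```text
! Assumed objects: ONPREM-LAN is a placeholder for your internal network
object network ONPREM-LAN
 subnet 192.168.1.0 255.255.255.0
object network AZURE-VNET
 subnet 10.10.10.0 255.255.255.0
!
! 1. Crypto ACL: local network as source, Azure subnet as destination.
!    Must be the ACL referenced by the crypto map entry for the Azure peer.
access-list AZURE-CRYPTO extended permit ip object ONPREM-LAN object AZURE-VNET
crypto map OUTSIDE-MAP 10 match address AZURE-CRYPTO
!
! 2. NAT exemption (identity NAT) so tunnel traffic is not translated.
!    Must sit above any dynamic PAT rule that would match the same traffic.
nat (inside,outside) source static ONPREM-LAN ONPREM-LAN destination static AZURE-VNET AZURE-VNET no-proxy-arp route-lookup
!
! 3. Only if a VPN filter is applied: the filter ACL is written with the
!    REMOTE network as source and the LOCAL network as destination.
access-list AZURE-FILTER extended permit ip object AZURE-VNET object ONPREM-LAN
group-policy AZURE-GP internal
group-policy AZURE-GP attributes
 vpn-filter value AZURE-FILTER
tunnel-group 203.0.113.10 general-attributes
 default-group-policy AZURE-GP
!
! 4. With "sysopt connection permit-vpn" (the default), decrypted VPN
!    traffic bypasses interface ACLs. If "show run all sysopt" shows
!    "no sysopt connection permit-vpn", the ACL on the outside interface
!    must permit 10.10.10.0/24 to the internal network explicitly.
sysopt connection permit-vpn
!
! Verification (exec mode; host addresses below are constructed samples)
show run all sysopt
show crypto ipsec sa peer 203.0.113.10
packet-tracer input inside tcp 192.168.1.10 12345 10.10.10.4 443 detailed
```

In the `packet-tracer` output, the NAT phase should show the identity rule being hit and the VPN phase should show an encrypt action; a drop in the ACL or VPN phase points to which of the four items is missing.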