I have a few dynamic IPSEC tunnels set up for our mobile offices, which connect through various data cards.
Here at the main office I have multiple VLANs: 10.10.0.0 LAN, 10.13.0.0 WiFi, 10.9.0.0 AnyConnect clients. One of the mobile offices has a network of 192.168.2.0. When the mobile office is connected via VPN, only network 10.10.0.0 can access the remote office initially. If someone at the mobile office pings a user on the 10.13.0.0 VLAN, then all 10.13.0.0 devices can traverse the tunnel.
When I view the session details of the tunnel when it is first created, I see only one IPsecOverNatT created for 10.10.0.0. After someone at the remote office pings a user on 10.13.0.0, the session details contain the additional IPsecOverNatT for 10.13.0.0.
Is there any way to force the connection to set up the IPsecOverNatT for each network on connect?
That is a setback of a dynamic tunnel; it behaves like a remote-access vpn-client. Only the remote vpn-end-point can initiate traffic to the destination network at first, and only after the remote-tunnel end-point has initiated the traffic to your local-subnet does the traffic flow become available both ways.
Traffic cannot flow first from your local-subnet to remote vpn-end points, but only the other way around.
Or you create a GRE over IPSec between your remote-end-points and local subnet switch and establish an EIGRP neighbor over GRE over IPSec, in which case your remote tunnel-end point becomes a routing peer.