VPN

VTI tunnel problem

Hi all,We have VTI tunnels between Cisco (3825 and 878) and Juniper (SRX3600).Sometimes tunnel is going down and I should manualy shutdown and no shutdown tunnel interface to bring it up.This is logs from Cisco:%%crypto-4-recvd_pkt_inv_spi: decaps: r...

Resolved! VTI tunnel & OSPF

Hi all,I have configured VTI tunnel interfaces (tunnel mode ipsec ipv4) and OSPF on that interfaces.VTI is encrypting all data traffic. But what about OSPF traffic?Is OSPF traffic encrypted also or I need to configure OSPF authentication?Thanks

Packets dropped at encryption stage.

I am truly struggling with the changes after 8.21. I am trying to get a VPN up between two sites. This is the B end, I am sure there are a bunch of problems in the other end too. Eg. the tunnel NAT does not have the right priority 1.when I establish ...

Resolved! Routing Betwen IP on ASA for SSL VPN

I have a question let say internal network DHCP is 192.168.0.0 and if you configure SSL VPN on ASA to assign ip from 10.0.0.0 network where routing needs to be configured so the client can route between network ? 2. lets say im using 192.168.10.0/....

Can't ping inside interface Site-to-Site VPN

Hi,I have configured a site-to-site vpn between to sites: A and B.Site B (172.19.16.0/20) can't ping the inside interface of the Site_B's firewall (192.168.13.254)Can you help me to set the inside interface as pingable (192.168.13.254)Result of the c...

Resolved! Cisco Router Site 2 Site Tunnel

I have 2 Cisco routers , 1841 and 2811 , I need to setup site to site VPN , but i dont now some how it just does not seems to be working , Find attached the Configuration along with the <----- 172.31.1.0/24----- DG:172.31.1.1>Cisco 2811<Dialer...

3 DMVPN Tunnel with different encryption to the same destination

Hi All,i have a general Question regarding buildings SA´s between two peers.Can I establish more than one SA between two Peers with the same IP Address?Actually I have 3 DMVPN´s running in parallel in different VRF´s using the same SA.They have all t...

Microsoft Outlook not connecting through VPN

I have a Cisco 3000 VPN that I connect to from home but my I can't get my Microsoft outlook 2007 to connect and send/receive mail. Anyone have any suggestions? Is it a setting in the VNP or in my outlook?

Hardening Interface used for VPN

Are there "must do's" on outside interfaces used for Site to Site VPNs? There is no NAT used on the interfaces. Looking for advice on what I should be applying to the interface in terms of ACL. At the moment,the only thing I have applied is to allow ...

Resolved! Bring up crypto map vpn tunnel without interesting traffic

Is there a way on ASA to bring up site-to-site static crypto map vpn tunnel without generating interesting traffic? I want reverse route injection generate dynamic route before traffic starts flowing.

Resolved! ipsec proxy-id problem

I am trying to create a site-to-site l2l vpn and phase 1 completes fine but when validating the proxy-id in phase 2, the id is not being set correctly.here is the config:access-list ssatunnel extended permit ip 10.1.10.0 255.255.255.0 x.x.x.32 255.2...

Client VPN with existing STATIC NAT for other VPN tunnel

Hi All,I have a situation where i need to NAT all the Server IP in LAN to another IP range due to NSOC monitoring. On top of that, i need to create a Client VPN setup at the same router. I managed to configure it, but not able to PING any of the inte...

Anyconnect drops connection

Hello All, I have 3 pc's behind D-link DIR-655 Router. Those 3 pc's can connect trough VPN using anyconnect client to an ASA but just only the first time when I reboot the D-Link router. After they disconnect from the VPN the next time (Second attemp...

Why DMVPN contains GRE ?

I read that tunnel GRE,provides the possibility to use dynamic routing protocol such as EIGRP or OSPF ,because IPsec doesn't support multicast and broadcast which are used by theses protocols,i read about the gre encapsulation,but i don't understan...

ASR901 support IPsec gdoi

Hi,I'm trying to setup a GDOI based IPsec connection between a cisco AS901 (advanced Metro lic - asr901-universalk9-mz.152-2.SNI ) and a 7606-S.What I see is that the ASR901 is capable of decrypting the IPsec packet but I cannot encrypt the ICMP pack...

Forum Posts

VTI tunnel problem

Resolved! VTI tunnel & OSPF

Packets dropped at encryption stage.

Resolved! Routing Betwen IP on ASA for SSL VPN

Can't ping inside interface Site-to-Site VPN

Resolved! Cisco Router Site 2 Site Tunnel

3 DMVPN Tunnel with different encryption to the same destination

Microsoft Outlook not connecting through VPN

Hardening Interface used for VPN

Resolved! Bring up crypto map vpn tunnel without interesting traffic

Resolved! ipsec proxy-id problem

Client VPN with existing STATIC NAT for other VPN tunnel

Anyconnect drops connection

Why DMVPN contains GRE ?

ASR901 support IPsec gdoi

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

VPN Site to Site Monitoring UI not showing after upgrading to FMC 7.4

Request AnyConnect Beta releases

AnyConnect VPN Client Software panel icon

Firepower attribute mapping

Cisco Secure Client - Downloader notification/Popup disable?

Cisco VPN Issue

NO Cyrpto IKEv2 Encrption AES command found

IPSEC Tunnel having Spoke Side Ipv4 and Hub side IPv6

ASA L2L VPN, How to Fail Back

BGP VPN BETWEEN FTD AND GOOGLE CLOUD PLATFORM