We have multiple route based tunnels from a single ASA to Velocoud devices. All Velo tunnels are exhibiting strange behavior where the IPSec traffic selector gets reset to two /32s, the local and remote peer IP addresses. I have to go in and remove...
Forum Posts
hello all, We have a strainge situation with anyconnect plus remote access. We have FTD and OUtsid Interface (10.10.10.2) , DMZ (10.33.162.0/23) and Inside (192.168.1.0/20). We did the all initial configuration. Infront of ASA ouside interface its a ...
Hello everyone,I'm trying to set up a site-to-site VPN from cisco ASA to Cisco ASR but Phase 1 is down, I check the Phase 1 parameter is ok even though the Key is correct.I attached the config and error message that I'm getting from the ASDM can Yo...
Hello All!I have come across a strange problem related to SCEP.I have an S2S/IPSec tunnel set up with GCP. It is based on VTI. At GCP, I have a CA on Windows Server, in the x.x.x.x.x subnet.When I try to set the SCEP Forwarding URL http://x.x.x.x/cer...
Hi Team, We have an AnyConnect remote access solution on an ASA headend with Split tunneling enabled. We've got tunnelspecified enabled with RFC 1918 permitted over AnyConnect. How do I go about enabling local LAN access ? Configuration snippet:Group...
Hi, I am trying to set up a site to site VPN for one of our client with palo alto. However VPN phase 1 is not coming up and when I ran debug I am getting NO_PROPOSAL_CHOOSEN error even though both side are configured poperly setup is like below || HQ...
I have an HA cluster of ASA5525 Firewalls that have a bi-directional tunnel built to a Cisco ASA5505. I also have a bidirectional tunnel to Auzre and a bidirectional tunnel build to a DR/BR site. These configurations have been working for 2 years w...
Resolved! Import ID Cert
So trying to upload a cert for RA-VPN on FMC. I have a CA authority signed cert already and it is asking for the Identity cert. I have all the certs that were issued, Do i still need to send the CSR to the Cert Authority for a new ID cert? Or is ther...
Resolved! NPS over Site to Site VPN Unreachable
I have a Firepower 1010 which I am trying to add NPS authentication for. The NPS server sites in Azure and the Firepower 1010 in an office and we have a site to site VPN tunnel in place which connects the two already.We've configured the NPS server a...
Windows 10. Network Administrator.AnyConnect started acting up. Error messages include driver failure. Repairing. Failed connection, etc. Another associate has the same problem. Tried uninstalling and reinstalling a version I thought was correct. Aft...
Hello,We are facing weird issue, suddenly working VPN went down, while reviewing, we found that tunnel is up however traffic is not passing. I can see pkts encap:0 and pkts decaps increasing. I have verified ACL/NAT thoroughly but unable to find the...
Resolved! Lossing Child Objects in Site to Site
The tunnel is always up but the child objects keep disappearing from the tunnel.I have to run the packet trace to simulate a PING from the interest IP to the NAT IP to bring the hosts back into the tunnel. firepower# packet-tracer input inside icmp 1...
We are migrating some offices to new C8200-1N-4T routers and in the process we are changing our architecture. We are experiencing an issue where only one of the DMVPN tunnels will function at a time despite both being on separate ISPs and in separate...
I have two head ends that are configured as identical as possible, but one hangs at "Establishing Connection..." for a very long time. After some research, I noticed that the connection time takes exactly 1:41 seconds. I am curious to know what is h...
We are running version 7.0.5 on our FMC and 7.0.4 on our FTDs. We use a local database for VPN authentication. Is there an accepted or best practice when it comes to automatically logging off VPN users who have left themselves logged in? Up until thi...
