We have created an EasyVPN between the branch ASA5505 and the HQ ASA5510, which is up; however, we can ping a host in the HQ network from the branch network but we cannot ping hosts in the branch network from the HQ network. The ASA5505 has been configured in Network Extension Mode, but there is no route for the branch network in the routing table. As the ASA5505 is actually on a private IP address behind the BT ADSL router, do I need to enable any static NAT rules or port forwarding? Also, should I be using NAT on the ASA5505 or set it up just for routing?
You can ping successfully from left to right but not from right to left.
Had this been a route issue, then ping would not have been successful anyway.
We need to check:
1. When you ping from right to left (HQ -> BR):
- Does the packet make it to the HQ FW?
- Does the HQ FW encrypt it (do you see increasing TX in the IPsec SA: sh cry ipsec sa)?
- Do you see increasing RX in the BR (sh cry ipsec sa)?
- Do you see increasing TX in the BR (if you see this, that means the echo request made it to the destination and the echo reply came back; this probably will not be the case since you are here reading this)?
- Does the echo request make it to the actual destination?
- Do you see the echo reply coming out of the destination?
Check for any FW on the destination. If Windows XP and the Cisco VPN client is installed, check for the Stateful FW option in the VPN client; if on, turn it off.
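The checklist above boils down to comparing the encaps (TX) and decaps (RX) counters of the IPsec SA on both ASAs before and after a known number of pings, then reading off the first hop where the count stops moving. The script below is an added example, not code from the answer or from Cisco: it parses the "#pkts encaps" / "#pkts decaps" lines as printed by the ASA "show crypto ipsec sa" command and applies the same decision order as the list above. The four captures are constructed sample output (5 pings, one SA pair per peer), and the stage names are my own labels.

```python
import re
from typing import Dict, Tuple

# Counter lines as printed by ASA 'show crypto ipsec sa'
# (assumes one IPsec SA pair, i.e. one remote peer, in the captured text).
_ENCAPS = re.compile(r"#pkts encaps:\s*(\d+)")
_DECAPS = re.compile(r"#pkts decaps:\s*(\d+)")


def parse_counters(show_output: str) -> Dict[str, int]:
    """Return the encaps (TX) and decaps (RX) counters found in the output."""
    enc = _ENCAPS.search(show_output)
    dec = _DECAPS.search(show_output)
    if not enc or not dec:
        raise ValueError("no encaps/decaps counters found in output")
    return {"encaps": int(enc.group(1)), "decaps": int(dec.group(1))}


def delta(before: Dict[str, int], after: Dict[str, int]) -> Dict[str, int]:
    """Per-counter increase between two captures."""
    return {k: after[k] - before[k] for k in before}


def diagnose(hq_before: str, hq_after: str,
             br_before: str, br_after: str,
             pings_sent: int) -> Tuple[str, str]:
    """Walk the HQ -> BR ping path in the order of the checklist and
    return (stage_label, explanation) for the first hop that did not
    see all of the pings."""
    hq = delta(parse_counters(hq_before), parse_counters(hq_after))
    br = delta(parse_counters(br_before), parse_counters(br_after))
    if hq["encaps"] < pings_sent:
        return ("hq_no_encrypt",
                "HQ did not encrypt the echo requests: check that they reach "
                "the HQ FW and match the interesting traffic for the tunnel")
    if br["decaps"] < pings_sent:
        return ("br_no_decrypt",
                "HQ encrypted them but the BR did not decrypt them: check the "
                "path between the peers (e.g. the ADSL router in front of the BR)")
    if br["encaps"] < pings_sent:
        return ("br_no_reply",
                "BR received the requests but sent no replies into the tunnel: "
                "check the destination host and any host firewall")
    if hq["decaps"] < pings_sent:
        return ("hq_no_decrypt",
                "BR encrypted replies but HQ did not decrypt them: check the return path")
    return ("ok", "counters moved in both directions; ping should succeed")


# Constructed sample captures (not real device output): 5 pings sent from HQ.
# HQ encaps rises by 5, BR decaps rises by 5, but BR never encrypts a reply.
HQ_BEFORE = """
      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
      #pkts decaps: 118, #pkts decrypt: 118, #pkts verify: 118
"""
HQ_AFTER = """
      #pkts encaps: 125, #pkts encrypt: 125, #pkts digest: 125
      #pkts decaps: 118, #pkts decrypt: 118, #pkts verify: 118
"""
BR_BEFORE = """
      #pkts encaps: 118, #pkts encrypt: 118, #pkts digest: 118
      #pkts decaps: 120, #pkts decrypt: 120, #pkts verify: 120
"""
BR_AFTER = """
      #pkts encaps: 118, #pkts encrypt: 118, #pkts digest: 118
      #pkts decaps: 125, #pkts decrypt: 125, #pkts verify: 125
"""


def sample_diagnosis() -> Tuple[str, str]:
    """Run the diagnosis over the constructed captures."""
    return diagnose(HQ_BEFORE, HQ_AFTER, BR_BEFORE, BR_AFTER, pings_sent=5)


if __name__ == "__main__":
    stage, why = sample_diagnosis()
    print(f"{stage}: {why}")
```

In practice you would capture "show crypto ipsec sa" on each ASA, send a fixed number of pings from the HQ side, capture again, and feed the four texts to diagnose(). In the constructed sample the requests are decrypted at the branch but no reply is ever encrypted, which points at the destination host or a host firewall rather than at the tunnel or routing.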