We are currently in the process of migrating a number of S2S VPNs from ASA to Firepower. All have been successful, other than one.
The issue with the one that isn't working is the following:
- Tunnel forms, both phase 1 and phase 2.
- Traffic traverses the VPN successfully.
- Remote location has ping connectivity over the VPN.
- Incoming traffic is unable to come in via the VPN on other ports, e.g. 3389 RDP. I have no visibility of this traffic either.
I am having trouble diagnosing the problem as I don't have a visual live log. I have carried out packet captures; however, I see nothing. In the FMC event viewer I see the ICMP traffic being permitted through, but nothing else regarding the failed traffic.
I applied an ACL permitting all traffic from the remote end, so my ACL is allowing everything. And I have set the ACL action to trust, which will bypass our IPS, to ensure that isn't blocking any incoming traffic.