04-03-2024 02:22 PM - edited 04-09-2024 06:37 AM
04-04-2024 07:04 AM
04-03-2024 03:00 PM
The traffic never hits the ACL.
And the reason, I think, is that you configured the ACL wrong.
The ACL must permit local LAN to remote LAN ONLY.
As I see it, you configured the ACL to permit local to remote and then remote to local!!!
That's wrong.
MHM
04-03-2024 03:10 PM
04-03-2024 03:14 PM
access-list Zone-VPN extended permit ip object OBJ-SITE-ASA object OBJ-SITE-PARTNER
access-list Zone-VPN extended permit ip object OBJ-SITE-PARTNER object OBJ-SITE-ASA
!
access-list VPN-INTERESTING-TRAFFIC extended permit ip object OBJ-SITE-ASA object OBJ-SITE-PARTNER
The first two ACL lines are for traffic from LAN to remote and from remote to LAN to pass the zone.
The last ACL line is for the interesting traffic, which you use in the crypto map.
MHM
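As an added example (not from the thread), a small Python linter that applies the rule stated above: the crypto-map ACL carries local-to-remote entries only, while the zone ACL needs both directions. The object and ACL names are the ones from the thread; the config fragment is constructed, and its second VPN-INTERESTING-TRAFFIC line is deliberately the reverse entry the thread calls wrong.

```python
import re
from collections import defaultdict

# Constructed ASA config fragment (assumption: object/ACL names as used in the thread).
CONFIG = """
access-list Zone-VPN extended permit ip object OBJ-SITE-ASA object OBJ-SITE-PARTNER
access-list Zone-VPN extended permit ip object OBJ-SITE-PARTNER object OBJ-SITE-ASA
!
access-list VPN-INTERESTING-TRAFFIC extended permit ip object OBJ-SITE-ASA object OBJ-SITE-PARTNER
access-list VPN-INTERESTING-TRAFFIC extended permit ip object OBJ-SITE-PARTNER object OBJ-SITE-ASA
"""

# Matches only the object-to-object ACE form used in the thread; other ACE shapes are skipped.
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+object\s+(\S+)\s+object\s+(\S+)\s*$"
)


def parse_aces(config):
    """Return {acl_name: [(action, proto, src_obj, dst_obj), ...]} for object-to-object ACEs."""
    acls = defaultdict(list)
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            name, action, proto, src, dst = m.groups()
            acls[name].append((action, proto, src, dst))
    return dict(acls)


def check_crypto_acl(acls, acl_name, local_obj):
    """Crypto-map ACL: every permit must originate at the local object; reverse entries are findings."""
    findings = []
    for action, proto, src, dst in acls.get(acl_name, []):
        if action == "permit" and src != local_obj:
            findings.append(f"{acl_name}: reverse entry {src} -> {dst} does not belong in the crypto-map ACL")
    return findings


def check_zone_acl(acls, acl_name, local_obj, remote_obj):
    """Interface/zone ACL: both directions must be permitted for the tunnel traffic to pass."""
    permits = {(s, d) for a, _, s, d in acls.get(acl_name, []) if a == "permit"}
    findings = []
    if (local_obj, remote_obj) not in permits:
        findings.append(f"{acl_name}: missing permit {local_obj} -> {remote_obj}")
    if (remote_obj, local_obj) not in permits:
        findings.append(f"{acl_name}: missing permit {remote_obj} -> {local_obj}")
    return findings


if __name__ == "__main__":
    parsed = parse_aces(CONFIG)
    for f in check_crypto_acl(parsed, "VPN-INTERESTING-TRAFFIC", "OBJ-SITE-ASA"):
        print(f)
    for f in check_zone_acl(parsed, "Zone-VPN", "OBJ-SITE-ASA", "OBJ-SITE-PARTNER"):
        print(f)
```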
04-03-2024 03:45 PM - edited 04-09-2024 06:35 AM
ok
04-03-2024 03:53 PM
access-list Zone-VPN extended permit ip object OBJ-SITE-ASA object OBJ-SITE-PARTNER <- this is needed from DMZ to outside
access-list Zone-VPN extended permit ip object OBJ-SITE-PARTNER object OBJ-SITE-ASA <- this is needed from outside to DMZ
And share the latest config of the IPsec IKEv2.
MHM
04-03-2024 04:01 PM
04-04-2024 12:06 AM
There is confusion between the ACL that permits the traffic and the one used for IPsec, so I drew the topology below.
04-04-2024 06:26 AM - edited 04-09-2024 06:36 AM
ok
04-04-2024 07:04 AM
You are so so welcome
Have a nice day
MHM