Router has a DMVPN connection to a hub and NAT overload (PAT) using a route-map. Problem is that certain packets are showing in the log as being denied by the ACL used by the route-map. Traffic over the DMVPN and general Internet access are good. Configuration as follows:
interface Tunnel0
 bandwidth 10000
 ip address 172.29.99.22 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication <snip>
 ip nhrp map 172.29.99.1 <snip>
 ip nhrp map multicast <snip>
 ip nhrp network-id <snip>
 ip nhrp holdtime 600
 ip nhrp nhs 172.29.99.1
 ip tcp adjust-mss 1360
 qos pre-classify
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key <snip>
 tunnel protection ipsec profile <snip>

interface GigabitEthernet0/0
 description TO CHARTER CABLE MODEM
 ip address dhcp
 ip access-group INTERNET-IN in
 ip nat outside
 ip inspect BR-FW out
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
 no mop enabled

ip nat inside source route-map cc-term interface GigabitEthernet0/0 overload

route-map cc-term permit 10
 match ip address 195
 set ip next-hop dynamic dhcp

access-list 195 permit ip host 10.22.40.250 any
access-list 195 permit ip host 10.22.50.150 any
access-list 195 deny ip any any log
The first log entry is ESP (protocol 50) and the second is, I believe, ISAKMP (UDP 500). These logs show up at about 4-minute intervals.
#sh route-map
route-map cc-term, permit, sequence 10
  Match clauses:
    ip address (access-lists): 195
  Set clauses:
    ip next-hop dynamic dhcp - current value is <GI0/0 Next-Hop>
  Policy routing matches: 0 packets, 0 bytes

#sh ip nat transl
Pro Inside global              Inside local           Outside local          Outside global
tcp <GI0/0 Address>:36680      10.22.50.150:36680     188.8.131.52:443       184.108.40.206:443
tcp <GI0/0 Address>:36681      10.22.50.150:36681     220.127.116.11:443     18.104.22.168:443
tcp <GI0/0 Address>:36682      10.22.50.150:36682     22.214.171.124:443     126.96.36.199:443
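As an added illustration (not part of the original post, and not Cisco code), the following Python evaluates sample flows against ACL 195 the way the NAT route-map consults it: a permit means the flow is translated, a deny only means the flow is left untranslated, and the `log` keyword on the final entry is what produces a message each time a non-NATed packet leaves Gi0/0. The router's WAN address (203.0.113.10) and the hub peer address (198.51.100.1) are constructed placeholders, since the real values are DHCP-assigned and snipped in the post; the sample flows are likewise constructed.

```python
"""Added example: evaluate flows against a NAT route-map ACL.

Not from the original post. Models only the matching semantics needed here:
'ip' matches any protocol, 'host' and 'any' address forms, optional 'log'.
"""
import ipaddress
from dataclasses import dataclass

# ACL 195 exactly as shown in the post.
ACL_195 = """
access-list 195 permit ip host 10.22.40.250 any
access-list 195 permit ip host 10.22.50.150 any
access-list 195 deny ip any any log
"""

# Constructed placeholders: real WAN address is DHCP-assigned, hub is <snip>.
ROUTER_WAN = "203.0.113.10"
HUB_PEER = "198.51.100.1"


@dataclass
class Ace:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    log: bool


def _parse_addr(tokens):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'; return (network, consumed)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), 1
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), 2
    # IOS wildcard mask: invert to get a subnet mask.
    wild = int(ipaddress.IPv4Address(tokens[1]))
    mask = ipaddress.IPv4Address(wild ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{mask}", strict=False), 2


def parse_acl(text):
    """Turn 'access-list N <action> <proto> <src> <dst> [log]' lines into Ace objects."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        action, proto = t[2], t[3]
        src, n = _parse_addr(t[4:])
        dst, m = _parse_addr(t[4 + n:])
        aces.append(Ace(action, proto, src, dst, "log" in t[4 + n + m:]))
    return aces


def classify(aces, proto, src, dst):
    """Return (translated, logged) for a packet leaving the NAT outside interface.

    In a NAT route-map, permit = translate, deny = leave untranslated; a
    deny never drops the packet. 'logged' is True only when the matching
    entry carries the 'log' keyword. Implicit deny is silent.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in aces:
        if ace.proto not in ("ip", proto):
            continue
        if s in ace.src and d in ace.dst:
            return ace.action == "permit", ace.log
    return False, False


# Constructed sample flows: one inside host (matches the NAT table above) and
# the router's own IPsec traffic to the DMVPN hub (ESP and ISAKMP/UDP 500).
SAMPLE_FLOWS = [
    ("inside host https", "tcp", "10.22.50.150", "188.8.131.52"),
    ("router esp to hub", "esp", ROUTER_WAN, HUB_PEER),
    ("router isakmp to hub", "udp", ROUTER_WAN, HUB_PEER),
]


def evaluate_samples():
    """Return {label: (translated, logged)} for the constructed flows."""
    aces = parse_acl(ACL_195)
    return {label: classify(aces, p, s, d) for label, p, s, d in SAMPLE_FLOWS}


if __name__ == "__main__":
    for label, (translated, logged) in evaluate_samples().items():
        print(f"{label:22s} translated={translated!s:5s} logged={logged}")
```

Running it shows the inside host flow as translated and not logged, while the router-originated ESP and ISAKMP packets fall through to the final `deny ip any any log` entry: they are not translated (which is what the tunnel needs) but each one produces a log message, matching the periodic entries described in the post.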