So, to find out what the problem could be, we captured packets on both ASAs. Packets from the user come through the 5520 and go to the 5550. Next, packets return from the ASA5550 to the ASA5520, but they don't go to the client.
If I take a look at the logs, they show that the ASA5520 is dropping ESP packets that came from the ASA5550 by the default deny rule (the last one):
If you do a "sh run all sysopt", do you see the "sysopt connection permit-vpn" command enabled? This command will prevent you from having to explicitly permit the VPN-related protocols through an inbound ACL on the outside of your ASA5520.