I am trying to have a new VPN profile on an ASA 5520 at one of my remote sites authenticate to an RSA server in our main data center. The sites are connected via MPLS. I have set my SDI interface to the MPLS interface, verified the settings in RSA, and verified all the SDI settings. My issue is every time I try and do the Auth test with a legit user I receive:
ERROR: Authenication Server not responding: No Error
I next began checking NATs and routes, and verified all was in place. I set up a packet capture on my remote office ASA on the MPLS interface, and on the main DS MPLS and inside (where the RSA server resides) interface. Below is the capture:
So the network is ruled out as I am seeing all the packets at each interface. When I run a packet tracer from the remote office ASA I get the packet dropped due to a configured ACL rule (the default deny). However, I have a permit IP any any on the MPLS interface, and if the packet were actually getting dropped, then the packets would not show up in the packet capture.
Any ideas? I am banging my head against a wall here.