Assuming that ASA LAN is 192.168.2.0/24 and router LAN is 192.168.1.0/24, the following ACL should be configured:
On the router:
ip access-list extended TUNNEL
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
On the ASA:
access-list outside_1_cryptomap extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
The rest of the other ACL lines that have been configured should be removed. Most importantly, the number of ACL line on the router should match the same on the ASA with mirror image ACL for the subnet.
You also need to remove the following on the ASA as the router is not configured to use PFS:
ISE 3.0 with patch level 3, licenses are showing as "Released for Entitlement" for all term based licenses. This is because of a bug CSCvz33870.I have tried all possibilities, including renewing registration, de registering, resetting, and updating from I...
This month, we're excited to bring awareness to a newly formed partnership between Cisco Secure and IBM.
Securing today's dynamic enterprise applications is critical. With hybrid and multi-cloud adoption, traditional network-based security ran into limita...
Listen: https://smarturl.it/CCRS8E42Follow us: twitter.com/CiscoChampion
APIClarity is an open source, cloud-native visibility tool for APIs. It utilizes a Service Mesh framework to capture and analyze API traffic and identify potential risks.
Hello everyone, A new video in the Cisco Secure Terraform Series has just been published. If you are interested in Infrastructure as Code, and Terraform, you don't want to miss out on this amazing series with Jason "Canadian Bacon" Maynard! Newe...
Whitepaper - Configuring IPsec IKEv2 Remote Access VPN with Cisco Secure Firewall
Abstract / Introduction
There has been recent guidance from the United States National Security Agency (NSA...