Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1935
Views
5
Helpful
3
Replies

EoIP mobility tunnel and FW rules

Go to solution
pallaruelo
Level 1
Level 1

‎09-23-2015 01:13 AM - edited ‎07-05-2021 03:59 AM

Hello,

 

I have a question, which equipment initiates the data path EoIP tunnel between a corporate controller and a guest controller located in a DMZ ?

 

Main Controller (Trusted Zone) <----->Firewall ASA5505<----->Guest Controller (Untrusted Zone)

 

Thank you in advance for your answer.

Franck.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee

‎09-30-2015 08:02 AM

I agree with Rasika. Allow either side to send the traffic.

 

but IIRC, the lowest MAC address, per pair, is the one that initiates the EOIP tunnel.

 

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rasika Nayanajith
VIP
VIP

‎09-23-2015 02:21 PM

I would open EoIP (IP protocol 97) and UDP 16666 in both directions.

HTH

Rasika

Go to solution
pallaruelo
Level 1
Level 1
In response to Rasika Nayanajith

‎09-30-2015 07:46 AM

Hello Rasika,

 

That's I noticed too on the ASA5505.

 

Many thanks,

Franck.

0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee

‎09-30-2015 08:02 AM

I agree with Rasika. Allow either side to send the traffic.

 

but IIRC, the lowest MAC address, per pair, is the one that initiates the EOIP tunnel.

 

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card