May I ask you a question? I am facing an unsolved issue. After I tested using packet-tracer, below are the results:
Drop-reason: (ipsec-spoof) IPSEC Spoof detected
But when trying on "inside", it is successful.
Let me draw out my issue:
server <-connect-> pix <-connect-> router <-> pix <-connect-> user
IPsec is between the outside legs of the 2 PIX firewalls.
The server is using ports 80, 443 and 2000.
I encountered a problem accessing web services using 2000. It is OK for 80 and 443.
On the PIX, using packet-tracer, the results for all 3 ports are the same. My IPsec configuration is a simple one, end to end.
Do you know what went wrong? I really appreciate your advice and help.
Port 2000 is used by Skinny. If the f/w sees some application running on TCP 2000 but it's not Skinny traffic, the f/w will drop it.
Disable inspect skinny
no inspect skinny
Do rate if helpful
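A way to check a saved running-config for the collision described in the answer above; this is an added example, not part of the thread. It assumes the default names `global_policy` and `inspection_default`, uses a constructed config excerpt, and takes `service_ports` as the ports of services that do not speak the inspected protocol.

```python
import re

# Default port each engine claims under "match default-inspection-traffic".
# Only skinny/2000 comes from the thread; the rest are well-known defaults.
DEFAULT_PORTS = {"skinny": 2000, "sip": 5060, "sqlnet": 1521, "ftp": 21}

# Constructed sample config, not taken from the poster's device.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect skinny
  inspect sip
service-policy global_policy global
"""

def active_inspections(config):
    """Return {policy_map: engines} for policy maps bound by a service-policy."""
    maps, applied, current = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):      # a top-level command closes the block
            current = None
            m = re.match(r"policy-map (\S+)$", line)
            if m:
                current = m.group(1)
                maps.setdefault(current, set())
            m = re.match(r"service-policy (\S+) ", line)
            if m:
                applied.add(m.group(1))
        elif current:
            m = re.match(r"(no )?inspect (\S+)", line)
            if m and m.group(1):         # "no inspect X" removes the engine
                maps[current].discard(m.group(2))
            elif m:
                maps[current].add(m.group(2))
    return {name: eng for name, eng in maps.items() if name in applied}

def port_conflicts(config, service_ports):
    """List (policy_map, engine, port) where a service shares an inspected port."""
    return [(name, engine, DEFAULT_PORTS[engine])
            for name, engines in active_inspections(config).items()
            for engine in sorted(engines)
            if DEFAULT_PORTS.get(engine) in service_ports]
```

Appending the three configuration lines that end in `no inspect skinny` to the input models the change the answer recommends, and the conflict list then comes back empty.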