ASA blocking IPsec to any outside end-point

Unanswered Question
Jan 9th, 2010

I have a routed firewall configuration that requires folks on Inside network to be able to use IPsec VPN which terminates both at the shared public interface and also other end points.

I can't seem to set the ASA to allow it. I've added a low security IPsec-passthrough-map which didn't help.

I am fine with globally allowing the use of IPsec from the internal network.

Any ideas would be appreciated.

Thanks,  Roger

vilaxmi (Cisco Employee) Sat, 01/09/2010 - 11:52


Is your tunnel UP and you are just not able to pass traffic, or is your tunnel itself not coming UP? Try pasting show crypto isakmp sa and show crypto ipsec sa and also show run.

For exempting VPN traffic from the ACL check you can try:

sysopt connection permit-vpn global config command



