Cisco Support Community
New Member

ASA blocking IPsec to any outside end-point

I have a routed firewall configuration that requires folks on Inside network to be able to use IPsec VPN which terminates both at the shared public interface and also other end points.

I can't seem to set the ASA to allow it. I've added a low security IPsec-passthrough-map which didn't help.

I am fine with globally allowing the use of IPsec from the internal network.

Any ideas would be appreciated.

Thanks,  Roger

1 REPLY
Cisco Employee

Re: ASA blocking IPsec to any outside end-point

Hello,

Is your tunnel UP and you are just not able to pass traffic, or is your tunnel itself not coming UP? Try pasting show crypto isakmp sa and show crypto ipsec sa and also show run

For exempting VPN traffic from ACL check you can try:

sysopt connection permit-vpn global config command

HTH

Vijaya
