First one is from a running system that works, FP1-NNTL; however, the crypto map for the dynamic is not working properly, and if I go to add another site-2-site tunnel group that uses the "outside_map" crypto map, it won't work. It won't work because the crypto map that is assigned to the outside interface is not "outside_map", it is "Mobile". Mobile is my attempt at getting cellphones with native VPN to work. Additionally, "outside_map" to interface outside versus "Mobile" also drops my ASDM and telnet connectivity--see below.
This brings me to the second issue: I can't seem to get the dynamic crypto map to work properly under the "outside_map". I know that I have to have the dynamic mode set to "transport" for the cell phone VPNs to work at all. Any pointers on how to fix this would be great.
The second attached file is from a tabletop box. Same configuration as the NNTL, but I can't seem to get ASDM or telnet to work consistently. I also know that it is because of the crypto map to outside interface, as when I change it from "outside_map" to "Mobile" it works, but when I switch it, it does not work.
I am fairly new at this ASA stuff, and having to deal with a huge configuration that I didn't put together is overwhelming.
Any assistance from anyone is greatly appreciated.
Additionally, from the CLI I turned on capture for all acl-drop. I have a ping going from one side of the site-2-site VPN to the other side and it is dropping. The capture tells me it is dropping because of an ACL. But doesn't tell me which ACL.
I am using the tunnel-group 220.127.116.11, which uses the group-policy W-NOC for this interface. The policy does not have a vpn-filter assigned to it. So now I am digging to try and figure out which ACL is dropping this connectivity.
From the outside ASA, I ran packet tracer on the outside interface, icmp, source 10.255.255.1, dest 192.168.50.10. I receive a packet drop, and the error is (rpf-violated) Reverse-path verify failed. I remove the line from the config, and now get a dropped packet because of an ACL, but it still doesn't tell me which ACL.
I also verified with production system and get same error.