I am not so familiar with 8.6 code and I am trying to give an outside host access to another host in the DMZ. I have a NAT set for the host in the DMZ, and in the ACL on the outside interface I have used the local IP (192.168.x.x). I have defined my services (isakmp, esp, gre, ipsec).
When I do a show local-host 192.168.x.x, I can see that there is an isakmp connection established.
But the administrator on the other end keeps telling me the tunnel is up! Packet-tracer also shows the packet drop after passing the NAT. But the output above shows an isakmp connection on port 500. I also tried to test the port by telnet to the IP followed by the port number (192.16x.2x.22 500) with no luck.
You are probably using the real IP address as the destination IP address of the "packet-tracer" command, and that is why the ASA tells you that the simulated connection would fail the RPF check: on the way in it doesn't hit any NAT rule, but on the way back out it hits a NAT rule.
Try the "packet-tracer" output with the public IP address if you want to accurately simulate the incoming packet.
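As an added illustration of the answer above (not from the original thread), this is the post-8.3 NAT and ACL shape the question describes, followed by a packet-tracer run aimed at the mapped public address; every address and object name is a made-up placeholder. One further point the thread's telnet test runs into: ISAKMP and NAT-T are UDP and ESP/GRE are their own IP protocols, so a TCP telnet to port 500 can never confirm reachability.

```cisco
! Constructed example: DMZ VPN endpoint behind a static NAT on an ASA using 8.3+ NAT syntax
! Addresses and object names are placeholders, not values from the thread
object network DMZ-VPN-HOST
 host 192.168.10.22
 ! real -> mapped; the outside ACL below references the real (object) address, as 8.3+ requires
 nat (dmz,outside) static 203.0.113.22

! Permit only the VPN protocols from the outside toward the real address
access-list OUTSIDE_IN extended permit udp any object DMZ-VPN-HOST eq isakmp
access-list OUTSIDE_IN extended permit udp any object DMZ-VPN-HOST eq 4500
access-list OUTSIDE_IN extended permit esp any object DMZ-VPN-HOST
access-list OUTSIDE_IN extended permit gre any object DMZ-VPN-HOST
access-group OUTSIDE_IN in interface outside

! Simulate the inbound IKE packet: the destination must be the MAPPED (public) address.
! Using the real 192.168.10.22 here matches no NAT rule inbound but hits the static
! NAT on the return path, so the ASA reports an RPF drop, the symptom in the question.
packet-tracer input outside udp 198.51.100.5 500 203.0.113.22 500 detailed

! Confirm live ISAKMP/ESP state for the real host once a peer actually connects
show local-host 192.168.10.22
show conn address 192.168.10.22
```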
I did figure this part out, but I still don't understand why the other end of the tunnel is up when in my ASA it shows up! Also, as I mentioned above, I cannot test port 500 via telnet. Obviously something is wrong, but the configuration is so simple!