I have set up a VPN through my ASA for my branch routers. The branch routers are on an ADSL link; they initiate the connection and are able to connect to HO. On my ASA I have created a dynamic-map which accepts connections dynamically. The problem is that I can't initiate a connection from the ASA to a branch router, and also, when the branch routers are connected to HO and the tunnel is up, I am not able to telnet or ping to the remote branch routers?
From what I understand, you can only establish the VPN connection from the ASA's side when it's an L2L VPN. With ezvpn and hardware VPN clients, the client device is usually configured to automatically connect to the central VPN device when it has an internet connection. Though there is an option to manually give the username/password during connecting on the CLI (at least with routers).
About the VPN phase
I've only configured L2L VPN recently, and in those cases the error message has usually been related to the fact that the VPN connection isn't establishing for the connection you are testing. Usually that means the VPN settings don't match. Then again, you are using the routers as VPN clients, so I'd guess the error is related to the fact that the ASA can't initiate the connection to the client. The client has to initiate the VPN connection first to give access to the remote networks.
Sorry, this is mostly me guessing. I don't really have a solid understanding of these types of VPN.
When my branch routers' interesting traffic initiates a connection to HO, then only the interesting traffic subnets from HO are able to initiate a connection.
Interesting traffic in HO: 192.168.1.0 & 192.168.2.0
Interesting traffic in Branch: 172.16.10.0 & 172.16.11.0
If, suppose, a PC in 172.16.10.0 initiates a connection to 192.168.1.0, then only any other PC in 192.168.1.0 can initiate a connection to the branch in 172.16.10.0.
If a PC in 192.168.1.0 wants to initiate a connection to another subnet of the branch, suppose 172.16.11.0, the PC gets a request timeout, BUT if any PC in 172.16.11.0 initiates a connection to 192.168.1.0, then PCs from subnet 192.168.1.0 are also able to reach 172.16.11.0.
Is this normal behaviour for one side static and another side dynamic IPsec VPN?
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: