I am trying to get isakmp/ipsec to work between two Cisco routers. One router has a static public IP, the other router is on a 1-1 NAT behind an ASA5510. The 5510 is using standard Fe0/0 for outside and Fe1/0 inside.
I have allowed all of the needed ports through the ASA5510 to the router but I still not get phase 1 to complete.
We are still using ISAKMP ON THE 5510 also for some VPN's that are being phased out and when I debug the 5510 I see it sending data to my remote site.
How can I make it so my port forwarded traffic is not "picked up" by ISAKMP on the ASA ? Is my only option to use another interface that does NOT run isakmp on it?
I think the problem is that I have sysopt permit-ipsec enabled on the device which kills the port forwarded acl's, can I enable sysopt selectively? Perhaps on an interface basis?
Your problem has nothing to do with sysopt, sysopt is for VPN tunnels terminated on the firewall itself, it has has no role in transit traffic. Make sure you are allowing both UDP 500 and 4500 in your ASA outside ACL. If possible post your ACLs and NAT configs (on the ASA) over here.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...