I recently ran across a situation that doesn't make a lot of sense to me.
The network design is a hub and spoke using a carrier-provided MPLS network with an ASA 5520 at the hub that has an IPSec tunnel to another part of the company.
This configuration has worked for some time now (long before I came to the company a couple of months ago).
The thing that does not make sense to me is that those networks out on the spokes did not have a route to the inside interface network of the ASA. With the way this MPLS works, if a network is not in the MPLS network routing tables it will not pass that network. The network was not in the MPLS network, nor was it in any of our edge routers connecting to the MPLS.
These hub networks did have routes both in the MPLS and edge devices for the networks on the other side of the IPSec tunnel and have been reaching them for some time.
So what I am trying to understand is this: these hosts have no route to the ASA inside interface network, but do have routes to the remote networks, so how are they able to successfully pass that traffic? There are no NAT devices between these WAN hosts and the ASA.
If I understand you correctly, you are curious how you can get to the remote networks from the spokes, without having to reach the ASA internal interface from the spoke networks?
If that's the case, then the reason is: your spoke hosts use the destination of the remote networks when sending data, and not the ASA as the destination. Your spoke network hosts would just send packets to the destination of the remote network and your hub network would just route that packet for you, through your hub network, and ultimately reach the internal ASA interface, before that is shipped off through the firewall, via your IPSec tunnel, to the remote network.
So, if you look at your routing table on the MPLS routers, then you should see either the remote networks listed, or a default route (0.0.0.0, which is most likely advertised either by the ASA or the adjacent hub router).
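The forwarding behaviour described in the answer above, as an added example that is not part of the original thread: each device does a longest-prefix match on the packet's destination only, so the spoke and MPLS tables need the remote network but never the ASA inside subnet. All prefixes and device names are constructed for illustration, and the hub router being directly attached to the ASA inside subnet is an assumption.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
ASA_INSIDE_HOST = "10.0.0.1"      # ASA inside interface, in 10.0.0.0/29
REMOTE_HOST = "172.16.50.10"      # host behind the far end of the IPSec tunnel

# Per-device routing tables: prefix -> next hop.
# Only the hub router knows the ASA inside subnet (assumed directly connected).
TABLES = {
    "spoke-router": {"172.16.50.0/24": "mpls-pe"},
    "mpls-pe":      {"172.16.50.0/24": "hub-router"},
    "hub-router":   {"172.16.50.0/24": "asa", "10.0.0.0/29": "connected"},
    "asa":          {"172.16.50.0/24": "ipsec-tunnel"},
}

def lookup(device, dst):
    """Longest-prefix match on the destination address only."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in TABLES[device].items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(start, dst, max_hops=8):
    """Follow the packet hop by hop; 'drop' means no matching route."""
    path, device = [start], start
    for _ in range(max_hops):
        next_hop = lookup(device, dst)
        if next_hop is None:
            path.append("drop")
            break
        path.append(next_hop)
        if next_hop not in TABLES:   # tunnel or connected subnet: end of trace
            break
        device = next_hop
    return path

if __name__ == "__main__":
    print("to remote host:", " -> ".join(trace("spoke-router", REMOTE_HOST)))
    print("to ASA inside :", " -> ".join(trace("spoke-router", ASA_INSIDE_HOST)))
```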