1. IPSEC s2s tunnel configured between Head office and branch office works fine
2. Head office terminates RA VPN users and this works fine in terms of connectivity to networks at Head Office
3. RA VPN clients are unable to connect to branch office networks through IPSEC s2s tunnel between head office and branch office
4. Split tunneling is in use
The VPN profile created for this test is a replica of a working one (sharing the same pool but different policy) with the inclusion of the branch office subnets on the "tunnelled" networks (split tunnelling).
What I have observed:
1. The branch office networks are included in the "tunnelled networks" (split tunnelling)
2. Each end of the tunnel is configured effectively allowing x.x.x.x to any IP on the cryptomaps
3. NAT exemption is configured as the first rule between the RA client subnet and branch office subnets
4. same-security-traffic permit intra-interface is enabled
5. Default routing ensures traffic hits same outside interface
6. Route print on the RA client points branch office networks through the VPN interface
I cannot connect to any branch office networks and wanted some ideas on debugging to identify what the firewall is doing with the packets.
At this moment in time I do not have access to devices (permissions issue) to check if traffic is being received at the other end but will get this later in the week.