I have been struggling for days on what is - I guess - something very basic.
I have one router I want to connect to my ASA via VPN. This router has a dynamic IP, so I managed to bring up the tunnel with a dynamic crypto map, and the router falls into the DefaultL2LGroup (I guess I have no choice anyway, correct me if I am wrong). So this part is OK now, the tunnel is UP.
However, from the ASA, I can see packets coming from the tunnel but no packets are sent back from the ASA to the router.
ASA has a private network 192.168.250.0/24 and router has 192.168.242.0/24.
And here is the configuration:
access-list OPT_cryptomap_2 extended permit ip 192.168.242.0 255.255.255.0
crypto dynamic-map CIPAC-ENERGY-VALE3 2 match address OPT_cryptomap_2
However, just wondering, as this interface is the termination of my VPN, I guess it is not secure to make it the management interface, as the customer can access my ASA using ASDM and so on...
I allowed ICMP on the interface:
icmp permit 0.0.0.0 0.0.0.0 MY-INSIDE-INTERFACE
but it seems like it was not enough to allow a ping from outside... I'm going to do some research on this, but actually I will not leave the management command applied on this interface.
You still have the ability to limit and restrict what gains "management" access by using the ssh or http or telnet configuration commands. Essentially, these are like management ACLs that define which networks gain access to your network. If you take a look at the command reference guide -
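
An added example, not part of the thread: the open form of the ssh/http management permits next to a restricted form, using the interface name and subnets quoted above. The admin host 192.168.250.10 is a constructed value.

```cisco
! Added example, not from the thread. 192.168.250.10 is a constructed admin host.
!
! Open form: any source that can reach MY-INSIDE-INTERFACE, including the
! router's 192.168.242.0/24 LAN across the tunnel, may attempt ASDM or SSH.
http 0.0.0.0 0.0.0.0 MY-INSIDE-INTERFACE
ssh 0.0.0.0 0.0.0.0 MY-INSIDE-INTERFACE
!
! Restricted form: remove the open entries and list only the admin host.
no http 0.0.0.0 0.0.0.0 MY-INSIDE-INTERFACE
no ssh 0.0.0.0 0.0.0.0 MY-INSIDE-INTERFACE
http 192.168.250.10 255.255.255.255 MY-INSIDE-INTERFACE
ssh 192.168.250.10 255.255.255.255 MY-INSIDE-INTERFACE
!
! ICMP to the interface: replace the permit-any entry with the remote LAN only.
no icmp permit 0.0.0.0 0.0.0.0 MY-INSIDE-INTERFACE
icmp permit 192.168.242.0 255.255.255.0 MY-INSIDE-INTERFACE
!
! Check what is currently allowed.
show running-config http
show running-config ssh
show running-config icmp
```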