Cisco Support Community

Spoke (remote-vpn) to spoke (l2l-vpn) through hub ASA: ipsec-spoof

Hello!

We have one remote client and one remote office.

The client uses remote vpn to connect to the central ASA (remote net 192.168.10.0/24).

The remote office uses l2l IPsec to connect to the same ASA interface (l2l remote net 10.2.2.0/24).

We try to connect this remote vpn client to l2l remote site with no luck

- crypto-acl from both sides are ok

- nat0 is ok

- we also have command same-security-traffic permit intra-interface, which permits communication between peers connected to the same interface

From packet-tracer input outside icmp 192.168.10.1 0 0 10.2.2.1 detail we see:

Action: drop

Drop-reason: (ipsec-spoof) IPSEC Spoof detected

How can we solve this problem?

1 REPLY

Do you mind sharing your config, thx.
