Hi, When the ASAs are acting as vpn terminators you would not need to allow neither udp port 500 nor 4500 on the interface access list, you would need to do that if ASAs are acting as NAT devices or on the routers in between the two ASAs, in addition by default ASAs crypto access lists would bypass any interface access list. Udp port 500 is being used by the ike negotiation, when you enable the crypto map on the ASA outside interface you already bind that port to ike negotiation, Instead udp port 4500 is being used only in case of the existence of PAT devices along the path, and that decision would be dynamically detected by nat-t feature if enabled on the ASA, one more feature would be ipsec pass through which allows the PAT capable devices to create L4 translations based on the values of SPI inside the packests, finally the crypto access list should define any valid traffic from one end to another, whether icmp or whatever to trigger the tunnel.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...