I am currently testing in a lab, and so far we have been able to set up NAT on the ASAs, link up the tunnel running GRE and NHRP, and build an eBGP session over the tunnel, but the moment we attempt to encrypt the tunnel on the routers, the link drops and fails to establish.
For the lab, both ASAs are set up with simple 1-to-1 static NAT statements and an ANY/ANY statement for traffic coming into the 2 routers.
We are getting P1 completion, QM_IDLE, on both sides, but it seems to be failing on P2. My best guess at this point is that it is because we are NATting the traffic and the src/dst (local/remote) pairs for the tunnel don't match, but I have exhausted my resources on how to resolve it. Any help would be greatly appreciated.
For the lab, we are using 172. for WAN/Local addresses and 192.168 addresses to simulate the internet.
Hub ASA is translating f0/0 on the hub router to 192.168.1.3
Spoke ASA is translating F0/1 on the spoke router to 192.168.2.3
We were able to resolve this by switching from PSK to RSA-SIG and making sure tunnel mode was enabled correctly on both ends. Apparently DMVPN doesn't work with NAT and PSK, but it works fine with RSA-SIG.