RE: Security Issue

actaully its Double NAT .. NAT on Router and and then FW . I will cehck the
FW logging to see whats happening . Thank you , Sameer

 Date: Sun, 13 May 2012 08:48:09 +0100
Subject: Re: Security Issue
From: fbaena_at_ccie.co
To: i_sameer_at_hotmail.com
CC: ccielab_at_groupstudy.com

Hi Sameer,
A couple of things worth checking.
1) Ensure the routers are trying to use ESP and not GRE. Check the firewall
logs "show logging". Sometimes while configuring DMVPN we may think all is
good for ESP and then a misconfiguration could cause the router to try to
revert back to GRE.

2) Run some "dry" tests with packet-tracer.
It was not mention in the original email if NAT was in place, can you confirm
that is not the case?

Cheers, Francisco BaenaCCIE 25595 (R&S, SP)Senior Instructor - www.ccie.co

On Sun, May 13, 2012 at 6:54 AM, sameer inam <i_sameer_at_hotmail.com> wrote:

team, I need one Small Help , change toplogy , I put ASA FW 5510 on top

and Cisco Router 1941 /K9 behind that and tryng to Join Cisco Router to
DMVPN

cloud but Some reason ASA not passing that Traffic even though I opened port

4500 , esp , 5000 but Still the same.. if any of you giude me ,,, Thankyou
in

advance Sameer

Blogs and organic groups at http://www.ccie.net
Received on Sun May 13 2012 - 07:50:51 ART