Re: OT: VPN w/NAT not able to see NAT

From: Dennis Worth <dennis.worth_at_gmail.com>
Date: Sat, 9 Mar 2013 07:24:51 -0800

I see hits on my ACL.

access-list OUTSIDE_8_cryptomap line 1 extended permit ip host 172.16.100.10 10.200.0.1 255.255.255.255 (hitcnt=1478) 0x596f7fe4

On Sat, Mar 9, 2013 at 2:33 AM, Piotr Kaluzny <piotrk_at_ipexpert.com> wrote:

> Dennis
>
> What does the Proxy ACL on the headend ASA look like?
>
> Regards,
> --
> Piotr Kaluzny
> CCIE #25665 (Security), CCSP, CCNP
> Sr. Technical Instructor - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
> On Sat, Mar 9, 2013 at 5:30 AM, Dennis Worth <dennis.worth_at_gmail.com> wrote:
>
>> Config static (INSIDE,OUTSIDE) 172.16.100.10 access-list INSIDE_nat_static
>> nat-control
>> match ip INSIDE host 10.10.10.125 OUTSIDE 10.200.0.1 255.255.255.255
>> static translation to 172.16.100.10
>> translate_hits = 111, untranslate_hits = 126
>>
>>
>> On Fri, Mar 8, 2013 at 8:25 PM, Dennis Worth <dennis.worth_at_gmail.com>
>> wrote:
>>
>> > Looks like a possible routing issue, since 10.0.0.0 is inside as a /8, so
>> > the FW sees 10.200.0.0/24 back to inside.
>> >
>> > I created a static to 10.200.0.0/24 to outside interface IP.
>> >
>> > Now on packet trace I get this
>> > Type - VPN Subtype - encrypt Action - DROP
>> >
>> > On Fri, Mar 8, 2013 at 5:53 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:
>> >
>> >> Check your NAT config, IPsec proxy ACL, and routing. Post your config if
>> >> you're stumped.
>> >>
>> >> Brian McGahan, CCIE #8593 (R&S/SP/Security), CCDE 2013::13
>> >> bmcgahan_at_INE.com
>> >>
>> >> Internetwork Expert, Inc.
>> >> http://www.INE.com
>> >>
>> >> On Mar 8, 2013, at 6:30 PM, "Dennis Worth" <dennis.worth_at_gmail.com>
>> >> wrote:
>> >>
>> >> > Group,
>> >> >
>> >> > Probably something easy, but for the life of me I can't find it.
>> >> >
>> >> > Phase I UP
>> >> > Phase II UP
>> >> >
>> >> > NATing on both sides of the tunnel, but one side does not recognize the
>> >> > NAT on one side for VPN outbound.
>> >> >
>> >> > (REMOTE SIDE) 10.10.10.10
>> >> > ---ASA-10.200.0.1(NAT)-----(NAT)172.16.100.10-ASA---10.10.10.125 (HUB SIDE)
>> >> >
>> >> >
>> >> > Hub side receives traffic but does not send traffic.
>> >> >
>> >> > Bad ACLs?
>> >> >
>> >> > --
>> >> > Dennis Worth
>> >> >
>> >> >
>> >> > Blogs and organic groups at http://www.ccie.net
>> >> >
>> >> >
>> >> > _______________________________________________________________________
>> >> > Subscription information may be found at:
>> >> > http://www.groupstudy.com/list/CCIELab.html
>> >> >
>> >>
>> >
>> > --
>> > Dennis Worth
>> >
>>
>> --
>> Dennis Worth
>>
>

-- 
Dennis Worth
Received on Sat Mar 09 2013 - 07:24:51 ART
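An added consistency check (my own code, not from anyone in this thread) that parses an ASA 8.2-style fragment modelled on the quoted lines and flags the two things the thread turns on: the crypto (proxy) ACL has to match the translated address because NAT is applied before encryption, and the remote network has to route out the interface named in the static. The next-hop addresses and the 10.0.0.0/8 inside route are assumptions made for the example.

```python
import ipaddress

# Constructed ASA 8.2-style fragment modelled on the lines quoted in this thread
# (policy static NAT, crypto ACL, routes); next hops and the /8 are assumptions.
CONFIG = """
route INSIDE 10.0.0.0 255.0.0.0 192.168.1.1
route OUTSIDE 0.0.0.0 0.0.0.0 203.0.113.1
access-list INSIDE_nat_static extended permit ip host 10.10.10.125 host 10.200.0.1
static (INSIDE,OUTSIDE) 172.16.100.10 access-list INSIDE_nat_static
access-list OUTSIDE_8_cryptomap extended permit ip host 172.16.100.10 10.200.0.1 255.255.255.255
"""
# The more specific route Dennis added so the peer's network leaves via OUTSIDE.
FIX = "route OUTSIDE 10.200.0.0 255.255.255.0 203.0.113.1\n"

def _take_addr(tok):  # consume 'any' | 'host X' | 'X MASK' from the token list
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(tok.pop(0) + "/32" if t == "host" else f"{t}/{tok.pop(0)}")

def parse_config(text):
    cfg = {"routes": [], "acls": {}, "statics": []}
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok[0] == "route":
            cfg["routes"].append((tok[1], ipaddress.ip_network(f"{tok[2]}/{tok[3]}")))
        elif tok[0] == "access-list" and "permit" in tok:
            rest = tok[tok.index("permit") + 2:]  # skip the protocol keyword
            cfg["acls"].setdefault(tok[1], []).append((_take_addr(rest), _take_addr(rest)))
        elif tok[0] == "static" and tok[3] == "access-list":  # policy static NAT
            real_if, mapped_if = tok[1].strip("()").split(",")
            cfg["statics"].append((real_if, mapped_if, tok[2], tok[4]))
    return cfg

def egress_interface(cfg, ip):  # longest-prefix match over the static routes
    ip = ipaddress.ip_address(ip)
    hits = [r for r in cfg["routes"] if ip in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen)[0] if hits else None

def check_vpn_nat(cfg, crypto_acl, remote_host):
    """Flag crypto ACL / NAT / routing mismatches for traffic towards remote_host."""
    remote, findings = ipaddress.ip_address(remote_host), []
    crypto_src = {src for src, dst in cfg["acls"].get(crypto_acl, []) if remote in dst}
    for real_if, mapped_if, mapped_ip, nat_acl in cfg["statics"]:
        for real_src, dst in cfg["acls"].get(nat_acl, []):
            # NAT runs before encryption, so the proxy ACL must see the mapped address.
            if remote in dst and ipaddress.ip_network(mapped_ip + "/32") not in crypto_src:
                findings.append(f"{crypto_acl} must permit mapped {mapped_ip}, not real {real_src.network_address}")
        egress = egress_interface(cfg, remote_host)
        if egress != mapped_if:
            findings.append(f"{remote_host} routes via {egress}, not {mapped_if}; add a specific route")
    return findings
```

With the fragment as quoted in the thread the only finding is the routing one; appending FIX clears it.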

This archive was generated by hypermail 2.2.0 : Wed Apr 03 2013 - 19:06:19 ART