[c-nsp] EasyVPN IOS->ASA55xx
Ben Steele
ben at internode.com.au
Tue Apr 1 06:19:29 EDT 2008
Maybe it would be easier if you just pasted your config in rather than
us keep guessing, but I can add to the guess list.. :)
do you have nat-control turned on? if so have you got your nat 0
statement setup for the IPSEC traffic?
Ben
On 01/04/2008, at 8:08 PM, William wrote:
> Hi Peter,
>
> I went ahead and enabled it in the end, it stopped the error messages
> (denys) coming up in the logs but my data still isnt passing through.
> I'm still abit lost as to whats causing my issue, do you think it
> could be to with my ISAKMP/IPSEC settings? I'm not so sure because the
> logs show PHASE1&2 completed without any problems. :(
>
> Regards,
>
>
> On 01/04/2008, Peter Rathlev <peter at rathlev.dk> wrote:
>> On Tue, 2008-04-01 at 09:05 +0100, William wrote:
>>> The command same-security-traffic permit intra-interface is not in
>>> the
>>> config but am I likely to break anything if I use it?
>>
>>
>> Well, you're likely to break the security that is there from the
>> beginning, without this command. You could compare it to "local proxy
>> arp". It will not stop any traffic flows that already work, just
>> allow
>> some more ones.
>>
>> Reference for the command:
>>
>> http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1289167
>> http://tinyurl.com/2ateua
>>
>> Regards,
>>
>> Peter
>>
>>
>>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list