800 series and VPN

Hi all

I have searched high and low for answering this question and came from far away confused.

Should I DMVPN in order to use a VPN endpoint behind a perfomring NAT router?

ISP---> Internet router---> 800

In addition, if the answer is no, then can al of the 800 series and soho routers support this?

I appreciate really all help with that.

I'm glad to hear that.

If you have any other questions, let us know

Please evaluate the useful messages.

Federico.

Tags: Cisco Security

Similar Questions

800 series vpn site to site?

Hello, I have a brand new pair of 851w with ios version 12.4 (15) T7. I can't seem to get a vpn site-to set up, I was able to use these seccessfully 800 series in the past. I have stripped the configs down to the essentials and still cannot be established.

When I do a crypto session see the everything seems okay, but the connection is "down".

I'm not 100% sure on my cryptographic transformation

"crypto ipsec transform-set esp - aes AES-SHA-compression hmac-sha-esp computer-lzs" I'm not sure that the 800 series will support encryption or if I should use something else.

I have attached the configs.

You must change the configuration of: -.

the IP nat inside source 1 interface 4 overload list

TO

IP nat inside source overload map route interface FastEthernet4 sheep

HTH >

800 series Router and ASA will not create a tunnel

Hey everybody, what had confused me for a week now, and I feel that it is something small that im overlooking. My 800 router and my ASA will not pass traffic through a VPN. Here are my configs (less sensitive data of course). I also removed irrelevant data to narrow down the config.

800 series router:

DHCP excluded-address 192.168.2.1 IP 192.168.2.100

!

IP dhcp pool internaldhcp

network 192.168.2.0 255.255.255.0

x.x.x.x where x.x.x.x DNS server

default router 192.168.2.1

!

!

IP cef

no ip domain search

domain IP (domain here)

Server name x.x.x.x IP

Server name x.x.x.x IP

No ipv6 cef

!

!

crypto ISAKMP policy 1

BA 3des

md5 hash

preshared authentication

Group 2

address key (password) crypto isakmp (ip WAN of ASA)

!

!

Crypto ipsec transform-set esp-3des esp-sha-hmac 3des-sha

Crypto ipsec transform-set esp-3des esp-md5-hmac 3des-md5

Crypto ipsec transform-set esp-3des esp-md5-hmac distance

!

!

map KentonMap 1 ipsec-isakmp crypto

defined peer (ASAs WAN IP)

the value of the transform-set 3des-sha

match address 110

!

!

!

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

Description outside the int

(Local WAN) 255.255.255.252 IP address

NAT outside IP

IP virtual-reassembly in

automatic duplex

automatic speed

card crypto KentonMap

service-policy output VoiceLLQ

!

interface Vlan1

IP 192.168.2.1 255.255.255.0

IP nat inside

IP virtual-reassembly in

Fair/fair-queue

!

!

IP nat pool insidepool (WAN IP) (WAN IP) netmask 255.255.255.252

IP nat inside source list 100 insidepool pool overload

IP route 0.0.0.0 0.0.0.0 (Next Hop)

!

access-list 100 permit ip 192.168.2.0 0.0.0.255 any

Note access-list 110 VPN ACL

access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.24.0 0.0.0.255

!

The ASA config:

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

IP 192.168.24.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

(LOCAL WAN) 255.255.255.252 IP address

!

permit same-security-traffic intra-interface

IP 192.168.24.0 allow Access - list extended sheep 255.255.255.0 192.168.2.0 255.255.255.0

Access extensive list ip 192.168.24.0 LimatoKenton allow 255.255.255.0 192.168.2.0 255.255.255.0

OutsideIn list extended access permit tcp any interface outside eq 3389

Global 1 interface (outside)

NAT (inside) 0 access-list sheep

NAT (inside) 1 192.168.24.0 255.255.255.0

Route outside 0.0.0.0 0.0.0.0 (Next Hop) 1

Server enable SNMP traps snmp authentication linkup, linkdown cold start

Crypto ipsec transform-set esp-3des esp-sha-hmac 3des-sha

life crypto ipsec security association seconds 28800

Crypto ipsec kilobytes of life - safety 4608000 association

card crypto LimaMap 1 corresponds to the address LimatoKenton

card crypto LimaMap 1 defined peer (800 WAN router)

card crypto LimaMap 1 the value transform-set 3des-sha

LimaMap interface card crypto outside

crypto isakmp identity address

crypto ISAKMP allow outside

crypto ISAKMP policy 1

preshared authentication

3des encryption

md5 hash

Group 2

life 86400

tunnel-group (800 WAN router) type ipsec-l2l

tunnel-group (800 WAN router)

IPSec-attributes

pre-shared key *.

ISAKMP crypto release:

ASA

Type: L2L role: initiator

Generate a new key: no State: MM_ACTIVE

Router

DST CBC conn-State id

(Local WAN) (ASA WAN) ACTIVE QM_IDLE 2003

Hello, Benjamin.

I guess that your router does NAT same for site traffic to site.

So, you have to deny traffic between ACL 100 sites.

PS: If this does not resolve your problem, could you please share isakmp/ipsec its on both sides?

The vs ASA55xx 800 series routers

Can someone give me a kind of overview of the differences between the devices of the ASA and 800 series routers (specifically 871)?

Mainly interested in VPN and security, but everything that can give me an idea of which one fits my scenario is greatly appreciated.

I have several agencies that I'll set up, a few small (1 WinXP), support (WinXP 5-15, 1-10 VPN), some big (for me) (10-100 WinXP, 10-50 VPN).

I am also interested in the same question.

You may want to look at

http://www.Cisco.com/application/PDF/en/us/guest/products/ps2030/C1650/ccmigration_09186a00801daa53.PDF

ASA firewalls are certainly faster than the 800 series routers, but for small offices (10 users), it may be not important. I like the ASA 5505 because there a switch 8 ports built-in, while the 871 has a 4 port switch.

One thing to remember is that, although the ASA has a FEW abilities of routing... it is first a firewall. So, you lose some flexibility by going with an ASA you may have a router. (for example: I don't think that the SAA can be a "router on a stick" with packets routed in & out on the same interface)

However, on the router 871 with all the features of firewall, to ensure that firewall features are enabled and configured... by default the SAA is a firewall... not to not do anything except plug it in and the firewall features are run automatically.

That's my opinion anyway

Thomas

Australian release for HP IQ 800 series date - someone has an idea?

The touchsmart IQ800 series computers were available in the markets of USA, Europe and Asia for almost a year. Despite several requests remained unanswered, in August 2009, the uncompromising HP still refuses to give Australian clients a final release date. The 800 series is clearly an important step of the 500 series, throughout all the technical characteristics of the product. If, like me, you're interested in investing in one, the only option available to Australian customers at the moment, is to import from Asia or USA at risk and cost. Having expressed my dissatisfaction, someone at - he a clue regarding when this model will be available in this country?

HP headquarters informed me today that the IQ818a is available through Harvey Norman on special order only.

As a solution to this issue, they also advised a new IQ series (record still forthcoming) version will be available on the market in October 2009.

HP Pavilion DM3 1100: HP DM3 1100 hybrid series and Windows 10 compatibility chart

Hello!

I am running W7HP x 64 on my DM3 of Pavilion with hybrid graphic system (Mobile Intel 4 series) and GeForce G105M. I'm worried because I'm not sure that the hybrid function works - which means that it will pass graphics cards according to the source of power and power management.

Can anyone confirm that the hybrid function works or is there any other app/trick/hack that I can use? I need discrete and integrated graphics to work when I'm connected to working with graphics applications (editing photo or 3D modeling light).

1 million thanks!

Scratch higher response! I did the job! I downloaded driver win 7, began the installation so that the files were extracted to the SWSETUP folder, leave the installation to finish in normal mode (no compatibility mode). At this point, there is no difference. Then I restarted my laptop and opened Device Manager and updated the driver manually selecting the inf file in the subfolder SWSETUP. I then did a bit of fiddling around with deactivation and activation of integrated graphics card Intel and all of a sudden, the LED TV light on and there was the desk! Although the resolution was not standard full HD, but something more small to 1680 x 1050. Disconnect and reconnect the HDMI Cable causes the actions required, which means that the laptop screen turns on and turns off properly.

I hope it'll work with my desktop LCD screen to... :/ Will report!

VISA series and the time elapsed in a timeout

Hi people,

Still new to LabView, please bear with me...

I have a VI that is sitting and wait a certain string of characters arrive on the port series, but I need a timeout that is not based on the VISA expiration time.

I expect a bunch of text via the serial port for ~ 45 seconds, then my input string will compare the matched string and move to the next VI.

In case of no matching strings, the serial port can continue to send data serially, or may be inactive (no-determinisitic because this test is to see if a computer system started successfully). But once the VI starts, I should have 60 seconds to find the match, or set the bool 'selection' to fail.

I tried to put my loop of time inside the main loop, outside, with or without SRs, and now I am at a loss. I looked at the VI has highlighted and the serial activity is active the timer has expired for 60 seconds.

Please take a look at the joint and thanks for taking a peek at this post.

I'm not entirely sure I understand what you are trying to accomplish. However, here are my thoughts:
1. You have attached the VI waits 60 seconds before checking the serial port for waiting bytes ONCE then read bytes if available and leave immediately. It's because you have while the loop around the elapsed time and it should run completely before moving on to the serial communication loop.
2. I assume that you have configured the port series and characters of endpoint set, etc. in a main vi
3. Please try the VI updated seal and let us know if this helps
Thank you

Charles Chickering

Wireless and VPN RV042 router WRT54G

Respected member, please help if you can! I have an ADSL with dynamic connected with the wrt54g router, I recently bought RV042 and want to connect the wire coming from wireless with ports. so, basically, I want to use RV042VPN for help after the router, is there a way I can use vpn behind with port using RV042 router wireless

I can't be able to connect to the vpn as he seeks is not an ip or WAN/LAN.

It may be possible if you're lucky. But I highly recommend not to connect the RV042 after the WRT. A VPN server must always have a public IP address. Running a VPN server behind a router NAT (such as WRT) makes it extremely difficult and often it won't work at all. Connect the RV042 directly to your modem, configure it to your internet connection. In this way the RV042 has the public IP and VPN should become much easier. Then implement the WRT as simple access point in your network by changing the address LAN IP of 192.168.1.1 to 192.168.1.2, disable the DHCP server, and connect a LAN port of the WRT on a LAN on the RV042 port.

Any java API to delete profile wifi and vpn

Hi, I am trying to API seeks to delete the wifi and vpn profile after searching autour and read the documentation of the API, I found nothing. I think that there is no such API. Could someone give a confirmation on that? Thank you very much.

never heard of an API for that

WRVS4400N with AG300 and VPN connections

I bought a WRVS4400N router hoping to add wireless and VPN capability at a remote office LAN. I want to be able to establish a VPN connection from my PC to the central office to the WRVS4400N to remote desktop, access and administer systems at the remote office. Remote desktop systems is unnecessary access to systems to the central office.

Before you deploy the WRVS4400N to remote desktop, I'm stable and by configuring it to our central office.

Our central office is a router Linksys AG300 and ADSL service for Internet connection. It works well and I don't want to change it.

I have connected the WRVS4400N to our central office LAN and it has an IP address on its WAN port assigned by the DHCP server on the AG300.

What I do not understand how to establish a VPN connection to a system on the Internet at the WRVS4400N on the local network. I have a laptop with the QuickVPN software installed. If I connect my laptop to the AG300 (i.e. the same switch as the WAN port on the WRVS4400N) I can establish a VPN connection to the WRVS4400N but if I connect to my laptop to the Internet (via my ADSL service at home), I am unable to set up the VPN. I don't know how to configure the AG300 so that the VPN from my laptop reaches the WRVS4400N.

I transfer ipsec enabled on the AG300, but this does not seem to run the VPN with the WRVS4400N.

Can someone tell me what I need to do?

Is there some other DSL modem I could use that facilitates the connection? There is another DSL modem (I don't know make/model until I visit the site) used in remote desktop, but I could replace it if I knew that the replacement work.

Update: I got it to work. See https://supportforums.cisco.com/thread/2108785 for the advice that has been most useful.

The essential steps have been before the ports indicated in this article (and UDP 500) to the WRVS4400N and I dropped a bit of the MTU (do not know if this was really necessary). Now I can establish connection QuickVPN, except when the Windows Firewall interferes.

Hello

Thank you for posting. In the AG300, transmit the following ports to the IP address of the WAN WRVS4400N port: 443, 500, 4500, 60443. This allows you to establish a QuickVPN for the WRVS4400N using the WAN IP of the AG300.

Can fast VPN and VPN Cisco coexist (WRVS4400N)

I am looking to buy a WRVS4400N to take care of my home network. While I get out on the road I want to VPN in my home network to my laptop (on which I installed Cisco VPN for the company's mobile access to my corporate network). In this spirit, I have three questions:

1. is the Cisco VPN client on my laptop be able to establish a VPN connection to unity WRVS4400N? I suspect not, and instead, I have to use fast VPN.

2. I understand there are problems in co existence with different suppliers, VPN clients (when I tried before with a Netgear router, the VPN Netgear client broke the Cisco VPN client). Quick VPN client Linksys can coexist with the Cisco VPN client without any problems?

3. a last resort, if Cisco and Linksys VPN can coexist, install the client quick VPN Linksys inside a VM Ware image would work (while the Cisco VPN client is still installed in the host operating system).

Thanks much for any help.

(1) correct. For WRVS4400N QVPN

(2) I run the Cisco VPN CLient and VPN fast on my laptop and seems fine

GANYMEDE + for the unified management of ASA and VPN auth

Hello, I have ASA 5540 and 4.2 ACS (AD backend), I want authentic unified management and vpn access.

For example, I have two groups in ACS (mapping AD): Admins, VPN access.

I wish that Admins have full access (shell, VPN) and "Access VPN" only vpn, without shell of any kind.

I understand how to do with RADIUS - use 'Service-type' and network access profile, but how to do it with GANYMEDE +?

There is something

I explained to him almost the same scenario in the post of 2008

https://Cisco-support.hosted.Jivesoftware.com/message/853751#853751

To achieve this, you should have even ASA added to GANYMEDE and RADIUS AAA cleint.

Since you want to group admin must have FULL access so don't change anything on this group.

Now vpnaccess Group on ACS must have only access to the VPN, then here you need to implement IP-based NAR

Go into the setup of the Group > ip based NAR

I hope this helps.

Rgds, jousset

Note the useful posts ~

Back on the cisco ASA 5500 series and PIX 500 series

Hello

I fund a site www http://www.searchsecurity.de/themenkanaele/plattformsicherheit/schwachstellenmanagement/allgemein/articles/106752/ (only in German). I have read that it is possible to make a denial of service on cisco PIX 500 series and series 5500 ASA, when the TTL value is enabled.

How can I check that? or solve the problem?

I thank you,

Mary

What version of the code you run the Pix or ASA. Refer to the "Products affected" section for more information on versions and the products concerned. This should point you in the right direction.

Also, listed in the URL is bypasses and fixed Versions that you may want to check.

Kind regards

Arul

problem with Ezvpn and VPN from Site to Site

Hello

I want to set Ezvpn and VPN Site to another but the problem is that the EasyVpn that would only work at the Site to the Site does not at all

I have set up 1 card for two VPN with different tagged crypto

I had execlude the traffice to NOT be natted to, and when I remove the Ezvpn site to another work well

crypto ISAKMP policy 100
BA aes
md5 hash
preshared authentication
Group 2
!
crypto ISAKMP policy 10000
BA aes 256
preshared authentication
Group 5
key address 123456 crypto isakmp (deleted)

ISAKMP crypto client configuration group easyvpn
easyvpn key
domain ezvpn
pool easyvpn
ACL easyvpn
Save-password
Split-dns cme
MAX User 9
netmask 255.255.255.0
!

Crypto ipsec transform-set esp - aes 256 esp-sha-hmac vpn

Crypto-map dynamic easyvpn 10
Set transform-set dmvpn
market arriere-route
!
!
address-card crypto easyvpn local Dialer1
card crypto client easyvpn of authentication list easyvpn
card crypto isakmp authorization list easyvpn easyvpn
client configuration address card crypto easyvpn answer
easyvpn 100 card crypto ipsec-isakmp dynamic easyvpn
easyvpn 1000 ipsec-isakmp crypto map
defined by the peers (deleted)
Set transform-set vpn
game site address

interface Dialer1
the negotiated IP address
IP mtu 1492
NAT outside IP
IP virtual-reassembly
encapsulation ppp
Dialer pool 1
PPP authentication chap callin pap
PPP chap hostname
PPP chap password
PPP pap sent-name to user
easyVPN card crypto

DSL_ACCESSLIST extended IP access list
deny ip 100.0.0.0 0.0.0.255 101.1.1.0 0.0.0.255
deny ip 100.0.0.0 0.0.0.255 70.0.0.0 0.0.0.255
IP 100.0.0.0 allow 0.0.0.255 any
refuse an entire ip
easyvpn extended IP access list
IP 100.0.0.0 allow 0.0.0.255 70.0.0.0 0.0.0.255
IP extended site access list
IP 100.0.0.0 allow 0.0.0.255 101.1.1.0 0.0.0.255

Best regards

The sequence number of card crypto for the static mapping crypto (site to site vpn) should be higher (ie: sequence number must be lower) than the ezvpn (map dynamic crypto).

In your case, you must configure as follows:

map easyvpn 10 ipsec-isakmp crypto
defined by the peers (deleted)
Set transform-set vpn
game site address

map easyvpn 150 - ipsec-isakmp crypto dynamic easyvpn

Hope that solves this problem.

remote VPN and vpn site to site vpn remote users unable to access the local network

As per below config remote vpn and vpn site to site vpn remote users unable to access the local network please suggest me a required config

The local 192.168.215.4 not able ping server IP this server connectivity remote vpn works fine but not able to ping to the local network vpn users.

ASA Version 8.2 (2)
!
host name
domain kunchevrolet
activate r8xwsBuKsSP7kABz encrypted password
r8xwsBuKsSP7kABz encrypted passwd
names of
!
interface Ethernet0/0
nameif outside
security-level 0
PPPoE client vpdn group dataone
IP address pppoe
!
interface Ethernet0/1
nameif inside
security-level 50
IP 192.168.215.2 255.255.255.0
!
interface Ethernet0/2
nameif Internet
security-level 0
IP address dhcp setroute
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
No nameif
no level of security
no ip address
management only
!
passive FTP mode
clock timezone IST 5 30
DNS server-group DefaultDNS
domain kunchevrolet
permit same-security-traffic intra-interface
object-group network GM-DC-VPN-Gateway
object-group, net-LAN
access extensive list ip 192.168.215.0 sptnl allow 255.255.255.0 192.168.2.0 255.255.255.0
192.168.215.0 IP Access-list extended sheep 255.255.255.0 allow 192.168.2.0 255.255.255.0
tunnel of splitting allowed access list standard 192.168.215.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
MTU 1500 Internet
IP local pool VPN_Users 192.168.2.1 - 192.168.2.250 mask 255.255.255.0
ICMP unreachable rate-limit 1 burst-size 1
enable ASDM history
ARP timeout 14400
NAT-control
Global 1 interface (outside)
NAT (inside) 1 0.0.0.0 0.0.0.0
Route outside 0.0.0.0 0.0.0.0 59.90.214.1 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
AAA authentication LOCAL telnet console
AAA authentication http LOCAL console
AAA authentication enable LOCAL console
LOCAL AAA authentication serial console
Enable http server
x.x.x.x 255.255.255.252 out http
http 192.168.215.0 255.255.255.252 inside
http 192.168.215.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Crypto-map dynamic dynmap 65500 transform-set RIGHT
card crypto 10 VPN ipsec-isakmp dynamic dynmap
card crypto VPN outside interface
card crypto 10 ASA-01 set peer 221.135.138.130
card crypto 10 ASA - 01 the transform-set RIGHT value
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 65535
preshared authentication
the Encryption
sha hash
Group 2
lifetime 28800
Telnet 192.168.215.0 255.255.255.0 inside
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 outdoors
SSH timeout 5
Console timeout 0
management-access inside
VPDN group dataone request dialout pppoe
VPDN group dataone localname bb4027654187_scdrid
VPDN group dataone ppp authentication chap
VPDN username bb4027654187_scdrid password * local store
interface for identifying DHCP-client Internet customer
dhcpd dns 218.248.255.141 218.248.245.1
!
dhcpd address 192.168.215.11 - 192.168.215.254 inside
dhcpd allow inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
Des-sha1 encryption SSL
WebVPN
allow outside
tunnel-group-list activate
internal kun group policy
kun group policy attributes
VPN - connections 8
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value split tunnel
kunchevrolet value by default-field
test P4ttSyrm33SV8TYp encrypted password username
username kunauto password bSHrKTGl8PUbvus / encrypted privilege 15
username kunauto attributes
Strategy Group-VPN-kun
Protocol-tunnel-VPN IPSec
tunnel-group vpngroup type remote access
tunnel-group vpngroup General attributes
address pool VPN_Users
Group Policy - by default-kun
tunnel-group vpngroup webvpn-attributes
the vpngroup group alias activation
vpngroup group tunnel ipsec-attributes
pre-shared key *.
type tunnel-group test remote access
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group ipsec-attributes x.x.x.x
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
Review the ip options
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:0d2497e1280e41ab3875e77c6b184cf8
: end
kunauto #.

Hello

Looking at the configuration, there is an access list this nat exemption: -.

192.168.215.0 IP Access-list extended sheep 255.255.255.0 allow 192.168.2.0 255.255.255.0

But it is not applied in the States of nat.

Send the following command to the nat exemption to apply: -.

NAT (inside) 0 access-list sheep

Kind regards

Dinesh Moudgil

P.S. Please mark this message as 'Responded' If you find this information useful so that it brings goodness to other users of the community

800 series and VPN

Similar Questions

Maybe you are looking for