DMVPN router behind ASA - need help please.
Hello
After reading many other discussions on this topic, it appears with the correct IOS and NAT - T active router, you bring up DMVPN behind a NAT device.
I tried to perform this task, but I can not even phase 1 going to the DMVPN. The routing was checked and I can ping the routers DMVPN public IP. I'm sure that the configurations for routers are good, but asked if any additional NAT is required on the ASA.
Here is the topology:
Plate rotating DMVPN > ASA > Internet > ASA > DMVPN Branch
The SAA on the side of the hub is in our data center and in production with several site-to-site and traffic to DMZ. Devices DMVPN is a Cisco 2921 and 1921. When I run a "debug crypto isakmp" on both routers, I see ISAKMP messages are sent on the branch DMVPN router. Nothing in the hub and no hits on the ASA ACL. I tried both the public IP address and the private IP address of the ACL on the ASA.
I have attached the relevant training and can post more if necessary.
Thank you
Brandon
Hello
I finally had time to laboratory it.
I used this topology:
I have
ASA (config) # sh run nat
NAT (INSIDE, OUTSIDE) static source HUB-ROUTER-REAL-IP interface service udp-eq-4500 udp-eq-4500
NAT (INSIDE, OUTSIDE) static source HUB-ROUTER-REAL-IP interface service udp-eq-500 udp-eq-500
!
object network HUB
dynamic NAT interface (INSIDE, OUTSIDE)
ASA (config) # sh run access-list
extended OUTSIDE permitted udp access list any HUB-ROUTER-REAL-IP eq isakmp object
list access extended OUTSIDE permitted udp any eq HUB-ROUTER-REAL-IP 4500
R2 #sh run inter t0
interface Tunnel0
172.16.0.1 IP address 255.255.255.0
no ip redirection
no ip next-hop-self eigrp 1
no ip split horizon eigrp 1
dynamic multicast of IP PNDH map
PNDH id network IP-99
source of tunnel FastEthernet0/0
multipoint gre tunnel mode
tunnel key 100000
Tunnel ipsec DMVPN-IPSEC-PROFILE protection profile
So it should be the same configuration that you use.
The only thing is that I had to ' stop/no shut' tunnel interface and removing some config that I also need to clear the connection on the ASA using "clear conn."
R2 #sh dmvpn
Legend: Attrb--> S - static, D - dynamic, I - incomplete
Local N - using a NAT, L-, X - no Socket
# Ent--> entries number of the PNDH with same counterpart NBMA
State of the NHS: E--> RSVPs, R--> answer, W--> waiting
UpDn time--> upward or down time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 PNDH details
Type: hub, PNDH peers: 2,.
# Ent Peer NBMA Peer Tunnel Addr add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 200.20.0.10 172.16.0.2 UNTIL 00:11:28
1 200.30.0.10 172.16.0.3 AT 00:11:22
R2 #.
Tags: Cisco Security
Similar Questions
-
NEED HELP Please im having a problem to forget my password and when I plug it it says its locked with a password he tried to put the itunes thing but it says enter password I put in what I rember, then said lokced for five minutes help me pls
Without knowing the password for your iPhone, there is no way to unlock it, bring even you to the Genius Bar. If you continue to enter the wrong password, you will be locked out of your iPhone, and your data will be unaccessable.
-
The guys that I need help please,
Last night I tried to install the update to alcapitan to my macbook pro, but it does not work it makes me a message (your installation cannot be finshed) and many many things and when I try to strt my macbook still keeps it install the updat and then get the message again...
I need help please
Hello, check if the mac you can use El Capitan. See the information update of OS X El Capitan - Apple Support here
-
I need to change my apple user ID e-mail address. Since I will be withdrawn and used my personal E-mail address instead of company e-mail. I need help please on how to do it. I now use IPhone 6
Launch Safari on your iPhone, iPad or Mac and go to appleid.apple.com.
To an iOS device, tap on manage your Apple ID. If requested, please check your identity after the connection.
Click or tap on change in section Apple ID and primary e-mail address.
Edit with your new email address.
-
Compaq cq10: need help please code error: CNU0015RN9 on compaq cq10 150ev
Need help please code error: CNU0015RN9
Thank you in advance!
Hello
No problem. Did you do a hard reset and try again?
For the error code, check again a time-
Try:
e9l11f3zv7
all lowercase letters
first letter is a small suitcase E
second is number Nine
third letter is small case L
fourth & fifth is number one
Sixth letter is small box F
seventh is number three
eighth letter is small suitcase Z
ninth letter is small case V
the last is number seven
Concerning
Visruth -
I have Windows XP 32-bit with IE8 Add ons. I mainly use Firefox Mozilla for my browser and Yahoo as my home page. Anyway, I have tried all the support and help guide and technicians told me to do to get add ons to open and activate but in vain. This computer was given to me as a profession, and it was used in a Bank, so I think that the system administrator has disabled the add ons. I myself as an administrator and use the tips and tricks given windows and Microsoft, but I always run up a wall. I need help, please.
I also need to know how to uninstall Windows antivirus software. I can't find anywhere on my computer. I feel really stupid and he is probably right in front of my face, but I can't find it to uninstall. I have McAfee that I paid dearly for if I want to use it until it expires.This "Microsoft antivirus' witness (AKA Trojan W32/FakeAlert) hijackware infection!
If you manage to somehow move to Win7, you will always have an infected computer.
The ONLY way to solve the problem is by formatting the current hard drive and do a clean installation of Windows, whether it is WinXP or Win7.
The ONLY way you can do a clean install of Windows XP if you have disks that came with the computer or if by chance, there is a hidden partition restore (not to be confused with the system restore).
If your kids er - well & their spouses are going to spend money on a new HARD drive, they'be be better spend on a low-end Windows 7 computer and brand-new (for example, a netbook or a mini).
NB: Any data on your Windows XP computer must be considered 100% reliable! (This includes all of your usernames and passwords, for example, those used for online banking, etc.) You do NOT want to put ALL the data from Windows XP to a new computer or HARD disk.
Good luck, Grandma. Hope that your grandchildren will treat you better than their parents.
PS: Time wounds all heels.
~ Robear Dyer (PA Bear) ~ MS MVP (that is to say, mail, security, Windows & Update Services) since 2002 ~ WARNING: MS MVPs represent or work for Microsoft
-
I want to return a plug-in, I accidentally deleted.i to play online snooker.can someone at - it need help please?
Hello
1. What plugin you are talking about?
2. on which site Web you are trying to play the game of billiards online?
3. what web browser do you use?
4. how exactly did you uninstall the plug?
Plug-ins are provided by third-party providers, you can try to load the game of billiards and verification that branch is needed.
Please come back with more information on the issue so that we can help you better.
You can also visit the link of the article of Microsoft that will guide you on how to ask questions below.
Suggestions for a question on the help forums
-
I'm trying to upgrade my vista to the next operating system or even 10 if possible and I can do what I need help please
Hello
There is no free upgrade Vista to 7, 8.1, or 10.
Follow these steps before you buy Windows 7.
Microsoft sells more than 7; Try Amazon.com.
Go to your computer / computer laptop manufacturer Web site and see if Windows 7 drivers are available for your make and model computer / laptop.
If this is not available, Windows 7 will not properly work for you.
Run the "Windows 7 Upgrade Advisor.
http://www.Microsoft.com/en-US/Download/details.aspx?ID=20
Check if your specifications are compatible for Windows 7:
"Windows 7 system requirements"
http://Windows.Microsoft.com/en-us/Windows7/products/system-requirements
"Windows 7 Compatibility Center" for software and hardware:
http://www.Microsoft.com/Windows/compatibility/Windows-7/en-us/default.aspx
Windows 7 upgrade paths:
http://TechNet.Microsoft.com/en-us/library/dd772579 (v = ws.10) .aspx
«Installation and reinstallation of Windows 7»
http://Windows.Microsoft.com/en-us/Windows7/installing-and-reinstalling-Windows-7
@@@@@@@@@@@@@@@@@@@@@@@@
Follow these steps before buy you and upgrade (new installation) of Windows 8.1.
Check if the manufacturer of your computer/laptop has Windows 8.1 drivers available for your model.
If this is not available, Windows 8.1 not install and work properly for you.
There is a lot of information in this first link from Microsoft:
Download and run the Windows Upgrade Assistant 8.1 of to see if your machine is compatible Windows 8.1 and read the update for Windows 8.1: FAQ here
"Update to Windows 8.1: FAQ".
http://Windows.Microsoft.com/en-us/Windows-8/upgrade-to-Windows-8
"8.1 for Windows system requirements.
http://Windows.Microsoft.com/en-us/Windows-8/system-requirements
@@@@@@@@@@@@@@@@@@@@@@@
How to buy Windows 10:
http://www.microsoftstore.com/store/msusa/en_US/cat/Windows/CategoryID.70036700
But first make sure that you have the correct configuration and your computer manufacturer provides the right drivers for 10.
https://www.Microsoft.com/en-us/Windows/Windows-10-specifications#sysreqs
" System requirements Windows 10"
https://www.Thurrott.com/Windows/Windows-10/3884/Windows-10-system-requirements
Microsoft deploys Windows 10 available as free upgrade to Windows 7 features, Windows and Windows Phone 8.1 8.1 qualified. It will be available from July 29, 2015
"FAQ Windows 10.
http://www.Microsoft.com/en-us/Windows/Windows-10-FAQ
See you soon.
-
worked very well and when was time to save I get the cyclic redundancy check, I try several times and made the same thing I need help please
Hello Hans,.
Thanks for choosing Microsoft Community!
According to the description of the problem, you have problems when you use the backup on Windows 8 feature.
Please answer these questions to better understand the issue and help you:
1. are - what you're talking to backup and restore functionality on Windows 7?
2 have you made any changes to the computer before the show?
It is perhaps to cause bad sectors on the hard drive, run the disk check to repair bad sectors
Check your hard drive for errors:
http://Windows.Microsoft.com/en-us/Windows7/check-your-hard-disk-for-errors
Important: Running chkdsk on the drive if bad sectors are found on the disk hard when chkdsk attempts to repair this area if all available on which data can be lost.
For more information:
Backup and restore: frequently asked questions
http://Windows.Microsoft.com/en-us/Windows7/back-up-and-restore-frequently-asked-questions
Hope the helps of information. Don't answer if you need assistance, we will be happy to help you.
-
Hello. I warned to creative cloud, but not what I was looking for. I want to cancel, but I can't find where I can do. I need help please. Thank you
Hello
Please see: -.
In order to cancel the order, please contact customer service
You can check: http://helpx.adobe.com/x-productkb/global/phone-support-orders.html
For more information on cancellation: cancel your creative cloud membership
-
DMVPN router behind a firewall
Hi all
I would like to know if the router DMVPN works behind a virtual firewall.
We use ISR routers
ISR router (spoke)--> virtual firewall--> WAN<-- isr="">
Please notify
HIII Jocelyn
Nice to meet you here also...
Yes, you are right. all you have to do is open the ports for traffic dmvpn. and also the NAT if the firewall is also performing NAT.
-
HP PROBOOK 4530 s: I need help please!
I need assistance with my base system device driver!
Lds material
PCI\VEN_197B & DEV_2394 & SUBSYS_00000000 & REV_30
PCI\VEN_197B & DEV_2394 & SUBSYS_00000000
PCI\VEN_197B & DEV_2394 & REV_30
PCI\VEN_197B & DEV_2394
PCI\VEN_197B & DEV_2394 & CC_088000
PCI\VEN_197B & DEV_2394 & CC_0880Help, please!
Hello
Install the driver from the following link card reader.
Kind regards
DP - K
-
HP Mini Bios Reset needed help please
Hello
I have a HP Mini and I need the password bios reset. I get a fatal error CNU9273NV5.
Help, please
Big welcome. Try.
e9lo7xf96q
Third letter lowercase l.
I must inform you that these services are not endorsed by HP, and that HP is not responsible for any damages that may occur to your system using these services. Please be aware that you do so at your own risk.
-
I forgot my admin password need to install the new program need help please.
I forgot my admin password, have tried several times but don't remember. I need to install a new program as soon as possible and need assistance please.
I forgot my admin password, have tried several times but don't remember. I need to install a new program as soon as possible and need assistance please.
Sorry, we are not allowed to help users to bypass the password protection, regardless of what are "reasons".
Here's the Microsoft Policy about this:
http://social.answers.Microsoft.com/forums/en-us/vistasecurity/thread/3eba3150-8742-4264-be9f-0daaad2282cd For the benefits of others looking for answers, please mark as answer suggestion if it solves your problem. -
I do not see my external hard drive in my computer but I can't in my devices and printers. I too see the drive in disk management. There is a lot of data on my hard drive that I need to save. It says that I have to initialize so the computer sees the drive but it clears my data. How to recover data? The drive works and makes no noise. Help, please. I uninstalled the RPG player
and reinstalled. I've also updated the driver and I still don't see the drive in my computer.
Hello
Welcome to the Microsoft community.
I understand that you have a problem with finding printers and external hard drives in the computer. We apologize for the unhandiness caused to you and appreciate your efforts in trying to solve the problem.
To help you better I would like to know the details.
- What is the brand and model of the computer?
- You did changes to the computer before the show?
- Have you tried to connect the same external hard drive on another computer?
I ask you to run the hardware and devices Troubleshooter and check if the problem persists. It is an automated tool that checks the hardware attached to the computer for known problems and provides details on how to correct them.
http://Windows.Microsoft.com/en-us/Windows7/open-the-hardware-and-devices-Troubleshooter
I ask you to install optional Windows, including updates updates and check if you are facing the issue.
Keep us updated on the issue to help you better.
Maybe you are looking for
-
Photo transfer iPhotos library
iPhotos crash on my iMac, so I think it would be better now to transfer everything to the Photos App. How can I do this and how would retain the albums that I put in place? I use iPhoto for all my digital scrapbooking kits and they are set up as even
-
Java no longer works on Firefox.
I got the update of Java 6 31. Chrome, I had, and it worked fine. Subsequently, there was an update of Java 7 9 update. Due to an error, I couldn't install Java 7, so I stuck with the update of Java 6 31. However, it did not work. I activated the ext
-
All-in-one: how to analyze when the printer is broken?
Hello. I have a HP 4480 all-in-one, and the printer stopped working earlier. I think it's really broken, the print heads seem to be stuck. Well, I don't really mind, I have an older printer that does work, but the scanner no longer works, asking the
-
Need diagram to check the close switch cover for dell inspiron 1525
Need schematics for Dell Inspiron 1525, check the following points: proximity LCD cover switch cable from the motherboard to the inverter How to check the inverter Thank you
-
last week the printer does nothing more. the bottom of power blinks all the time and it is not possible to turn on or off. I unplugged the power cable already and uninstalled the software and installed again, but problem not solved. I get the message