Cisco – Configuring Dynamic Multipoint Virtual Private Networks DMVPN
May30

Cisco – Configuring Dynamic Multipoint Virtual Private Networks DMVPN

Posted By on May 30, 2025

DMVPN KB ID 0000954 Problem A while back I uploaded a run through on how to deploy GRE tunnels and protect those tunnels with IPsec. That point-to-point GRE tunnel is a good solution, but if you have a lot of sites it’s not a solution that scales very well. Yes you can have 2147483647 tunnel interfaces, but good luck manually configuring all those tunnels and even if you did, if you want each of your remote sites to talk to each...

Read More
Implementing GDOI into DMVPN
May29

Implementing GDOI into DMVPN

Posted By on May 29, 2025

GDOI into DMVPN KB ID 0000956  Problem Just recently I covered DMVPN, which is a great scalable system for adding new sites to your network infrastructure and have them join an existing VPN solution without the need to add extra config at the ‘hub’ site. One of the advantages of DMVPN is it maintains VPN connections from your ‘Spoke’ sites back to the ‘Hub’ site, but if a spoke site needs to speak...

Read More
Cisco ASA – Remote VPN Client Internet Access
May02

Cisco ASA – Remote VPN Client Internet Access

Posted By on May 2, 2025

VPN Client Internet Access KB ID 0000977 Problem I have answered a lot of questions in forums, that are worded something like, “When I have a remote client connected to my firewall VPN they lose Internet access!” Traditionally that’s exactly what the ‘default’ remote VPN Internet  access (IPSEC or AnyConnect) gave you. To ensure your remote VPN clients can access the Internet you have two options. The...

Read More
Fortigate to Cisco ASA Site to Site VPN
Nov24

Fortigate to Cisco ASA Site to Site VPN

Posted By on Nov 24, 2020

KB ID 0001717 Problem Continuing with my ‘Learn some Fortigate’ theme’. One of the basic requirements of any edge firewall is site to site VPN. As the bulk of my knowledge is Cisco ASA it seems sensible for me to work out how to VPN both those firewalls together, like so; Well that’s the pretty picture, I’m building this EVE-NG so here’s what my workbench topology looks like; Disclaimer (Read First!...

Read More
Cisco ASA VPN to Cisco Router “MM_WAIT_MSG3”
Mar27

Cisco ASA VPN to Cisco Router “MM_WAIT_MSG3”

Posted By on Mar 27, 2019

KB ID 0001531 Problem While migrating a VPN tunnel from an ASA 5520 firewall to a new 5516-X I got this problem. The other end was a Cisco router (2900). As soon as I swapped it over, it was stuck at MM_WAIT_MSG3, and phase 1 would not establish; NUFC-ASA5516x(config-tunnel-ipsec)# show crypto isa IKEv1 SAs: Active SA: 6 Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey) Total IKE SA: 6 1 IKE Peer: 1.1.1.1 Type :...

Read More