For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Schrier_58326's avatar
Schrier_58326
Icon for Nimbostratus rankNimbostratus
Jan 28, 2014

F5 TMOS 11.3 L2L vpn cisco ASA 8.4<

textWe want to setup a Site-2-Site vpn tunnel from F5 TMOS to a cisco ASA. We used IKEV1, SHA, 3DES and ESP phase 2. The VPN tunnel will establish isakmp (phase1)   -- [root@F5:Active:In Sync] con...
BIG-IP Access Policy Manager (APM)
design
security
TMOS
TMSH
Vitaliy_Savrans's avatar
Vitaliy_Savrans
Icon for Nacreous rankNacreous
Jan 30, 2014

By my mind you didn't see trough the tunnel because: From asa nat config I guess that 172.16.1.0/24 is terminated on ASA and 10.10.10.10 terminated of F5 (correct me if I am wrong). But you have access-list for crypto-map:

access-list vpn-test extended permit ip host 10.10.10.10 172.16.1.0 255.255.255.0

there will be no traffic pass through this access-list on ASA and you will not see any hitcounts in ipsec sa. I think you need change vice-vers you access-list and traffic selector.