The ranting of an IT Professional:

ASA


March 8, 2011  6:30 PM

Cisco ASA: Accessing VPN networks using L2TP VPN



Posted by: Jason Tramer
ASA, inside, Ipsec, L2TP, tunnel, VPN

I was troubleshooting this issue for a bit: a user connects to an L2TP VPN presented by the ASA. They can connect to the inside network but not to a network connected to that ASA via an IPsec tunnel. This is actually a simple fix; enter the command:

February 14, 2011  10:35 PM

Cisco releases ASA 8.4



Posted by: Jason Tramer
8.4, ASA

Here is some of the new stuff that is in it: http://itdualism.wordpress.com/2011/02/04/asa-8-4-first-look/ I am planning on testing it myself shortly and then doing a better review. Hopefully they changed NATing back from the god awful way they do it in 8.3 to the more awesome way it is done...


January 26, 2011  9:12 PM

ASA rewriting DNS queries



Posted by: Jason Tramer
ASA, DNS, manipulating, NAT, queries, query, re-writing

http://www.techrepublic.com/blog/networking/cisco-asa-and-dns-pain-is-there-a-doctor-in-the-house/1140 This article was a godsend for me. I was troubleshooting this issue for a while. In my case I had an internal device on a private VLAN that needed to resolve the public address of another...


January 22, 2011  2:27 PM

Routing within an interface on an ASA and my triumphant return



Posted by: Jason Tramer
ASA, Cisco, intra site routing, routing, routing within a network

Well, it has been a long time, but I am back! Sadly, elements in my personal life have kept me focused on other matters for the last 8 months or so, and I apologize for that, but I am ready and eager to return. The first issue I want to talk about is with Cisco ASAs and concerns how to set up a...


June 3, 2010  7:48 PM

ASA: unable to reserve port 443 for static PAT



Posted by: Jason Tramer
443, 5505, ASA, HTTPS, NAT, unable to reserve port 443 for static PAT

I just got this error when configuring an ASA, and it took me a bit to figure out what the issue was. When trying to create a static NAT rule with port 443 you get the error: unable to reserve port 443 for static PAT. The issue was that under Management access, ASDM access was granted on the...


December 30, 2009  2:54 PM

Allowing management access to an ASA across a site to site VPN tunnel



Posted by: Jason Tramer
access, ASA, ASDM, CLI, interface, Management, site to site, VPN

Ok, so you want to manage your ASA from a network connected via a site to site VPN tunnel. No prob. Two easy steps make this happen. First you have to add the network as allowed access via the inside network. (I will use the 192.168.1.0/24 network in my example.) From CLI it's: http...


December 16, 2009  2:17 PM

Adding a secondary address to an interface on a Cisco ASA



Posted by: Jason Tramer
address, arp, ASA, Cisco, interface, IP, route, secondary, static

Unlike on a Cisco router, where you can use the secondary command to add a secondary address to an interface, the Cisco ASA does not support this. Here is a workaround, however. 1. First find out the MAC address of the Ethernet interface you will be using: sh interface Ethernet0/1 This should...


December 3, 2009  3:41 PM

Configure Active-Standby High Availability on an ASA



Posted by: Jason Tramer
active, Add new tag, ASA, ASDM, Cisco, CLI, HA, High Availability, standby, wizard

Ok, so you can easily do this from within the ASDM using the HA wizard; however, I recently tried this and had issues with the wizard not working for me. So here is how you do it from the CLI: Primary: failover failover lan unit primary failover lan interface failover Ethernet X failover key...


November 30, 2009  4:09 PM

Incompatibility on Site to site VPN tunnels between Watchguards and Cisco ASA’s



Posted by: Jason Tramer
ASA, Cisco, VPN, WatchGuard

I have been working with a client with multiple sites, and up until recently they have been using Watchguards at all sites. Recently we have been switching out some of the Watchguards for Cisco ASAs, but there have been a ton of site to site VPN issues. For example, a tunnel goes down, so you re-key...


November 26, 2009  10:40 PM

Cisco ASA L2TP issues with LDAP authentication



Posted by: Jason Tramer
ASA, CHAP, Cisco, Ipsec, L2TP, LDAP, PAP, PPTP, RA, Remote Access, ssl, VPN

So I configured my ASA to provide L2TP remote access VPN. I originally set it up with a local user database and it worked fine. Afterwards I decided to tie it in to LDAP so I could authenticate against Active Directory. I set up my LDAP integration and used the built-in test tool to make sure it worked,...