Greetings All
I have Cisco ASA 5506-X w/ FirePOWER Services and am looking for an out-of-band
management solution.
What options do I have?
I have found some documents talking about setting up a modem and connecting it
to the RJ45 console port and am looking for other ways if doable.
Thanks
Cisco peoples,
Any plans to implement VTI OSPF support?
Or is this a limitation because of ASA Multicast support.
I ask because ASA multiple contexts share a single BGP process, but not OSPF
processes.
Thank you
Nick
___
cisco-nsp mailing list
On Sat, 20 Aug 2016, Michael Lee wrote:
Currently I have ASA 5580 with IPv4 NAT setup (public IP outside and RFC
1918 inside), I am considering to run IPv6 with Public IPv6 outside and
Public IPv6 inside (routing mode)
Just wondering there is anything I would need to consider except CPU,
10:56 p.m. (GMT+00:00)
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] ASA for IPv6
>
> Hi,
>
> Currently I have ASA 5580 with IPv4 NAT setup (public IP outside and RFC
> 1918 inside), I am considering to run IPv6 with Public IPv6 outside and
> Public IPv6 inside (routin
co-nsp@puck.nether.net
Subject: [c-nsp] ASA for IPv6
Hi,
Currently I have ASA 5580 with IPv4 NAT setup (public IP outside and RFC
1918 inside), I am considering to run IPv6 with Public IPv6 outside and
Public IPv6 inside (routing mode)
Just wondering there is anything I would need to consider exce
Hi,
Currently I have ASA 5580 with IPv4 NAT setup (public IP outside and RFC
1918 inside), I am considering to run IPv6 with Public IPv6 outside and
Public IPv6 inside (routing mode)
Just wondering there is anything I would need to consider except CPU,
memory and sessions)
Thanks,
~mike
don't usually notice
> the failover.
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Nick Hilliard
> Sent: Tuesday, June 28, 2016 11:07 AM
> To: Mihai Gabriel <mihaigabr...@gmail.com>
> Cc: cisco-nsp@puck.neth
-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick
Hilliard
Sent: Tuesday, June 28, 2016 11:07 AM
To: Mihai Gabriel <mihaigabr...@gmail.com>
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA cluster downgrade
Mihai Gabriel wrote:
> standby ASA boots
Mihai Gabriel wrote:
> standby ASA boots with 8.2 version (and the 8.2 startup-config) and starts
> the config replication, the configuration is messed up by the active unit.
> Doing a failover to the standby unit will impact the services.
> Is there a way to achieve this without disabling the
Hi,
I need to downgrade an ASA cluster running 8.4.6 to 8.2 without downtime
(like the upgrade process) but seems almost impossible because after the
standby ASA boots with 8.2 version (and the 8.2 startup-config) and starts
the config replication, the configuration is messed up by the active
g]
Sent: den 15 juni 2016 00:47
To: Ulrik Ivers <ulrik.iv...@excanto.se>
Cc: Josh Baird <joshba...@gmail.com>; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA VPN/AnyConnect Licensing
Hello Ulrik,
this has puzzled me for some time. When you purchase the license, you can
activate
cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Josh Baird
> Sent: den 13 juni 2016 21:57
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] ASA VPN/AnyConnect Licensing
>
> Hi all,
>
> I'm considering using the ASA5506W-A-K9 for a few small office locations,
> but I'm
Of Josh
> Baird
> Sent: den 13 juni 2016 21:57
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] ASA VPN/AnyConnect Licensing
>
> Hi all,
>
> I'm considering using the ASA5506W-A-K9 for a few small office locations, but
> I'm a bit confused on the licensing model f
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASA VPN/AnyConnect Licensing
Hi all,
I'm considering using the ASA5506W-A-K9 for a few small office locations, but
I'm a bit confused on the licensing model for AnyConnect. These devices will
need to handle client VPN (AnyConnect) termination for 1-5 users
-boun...@puck.nether.net] On Behalf Of Josh
Baird
Sent: Monday, June 13, 2016 3:57 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASA VPN/AnyConnect Licensing
Hi all,
I'm considering using the ASA5506W-A-K9 for a few small office locations, but
I'm a bit confused on the licensing model
Hi all,
I'm considering using the ASA5506W-A-K9 for a few small office locations,
but I'm a bit confused on the licensing model for AnyConnect. These
devices will need to handle client VPN (AnyConnect) termination for 1-5
users max.
Do these devices include licensing for a minimal number of
;ar...@viklenko.net>
To: cisco-nsp@puck.nether.net
Sent: Saturday, May 28, 2016 10:25 AM
Subject: [c-nsp] ASA: IPSec replay window size change
Hi, All!
Having periodic replay window alerts with some customers,
we decided to increase replay window globally to the max
value of 1024 using the command
Hi, All!
Having periodic replay window alerts with some customers,
we decided to increase replay window globally to the max
value of 1024 using the command
crypto ipsec security-association replay window-size 1024
But I can't find info on how it affects existing SAs.
I think that new window
I have tried many ways to make these work differently:
nat (inside,outside) after-auto source static OBJECT-LAN(s) PUBLIC ADDRESS(s)
nat (inside,outside) after-auto source dynamic OBJECT-LAN(s) PUBLIC ADDRESS(s)
I've tried one-to-one in the object groups
I've tried one to many, many to one, and
I know that shaping supported only on single-core cpu platforms.
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf
Of Artem Viklenko
Sent: 14 March 2016 07:53
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASA 5520 shaper > 150Mbps
Hi, All!
ASA 5550 w
p-boun...@puck.nether.net] On Behalf Of Artem
Viklenko
Sent: 14 March 2016 07:53
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASA 5520 shaper > 150Mbps
Hi, All!
ASA 5550 with Cisco Adaptive Security Appliance Software Version
8.2(5)59
Trying to shape outgoing traffic on ~290Mbps (upstream provide
Hi, All!
ASA 5550 with Cisco Adaptive Security Appliance Software Version
8.2(5)59
Trying to shape outgoing traffic on ~290Mbps (upstream provides
300Mbps).
But ASA allows only:
ASA1(config-pmap-c)# shape average ?
mpf-policy-map-class mode commands/options:
<64000-15440> Target
We run multi-tenant Cloud infrastructure for many small clients.
We are using ASA firewall contexts to protect inter-client hosted
communications.
Was thinking of using ASA-V instead of multiple contexts to keep costs down -
and I would more easily be able to automate the provisioning of the
Thank you, you are correct on all points.
No questions - Thank you, you are correct on all points.
-Original Message-
From: Łukasz Bromirski [mailto:luk...@bromirski.net]
Sent: 31 July 2015 12:26
To: Nick Cutting
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA and BGP
On 31
@puck.nether.net
Subject: Re: [c-nsp] ASA and BGP
On 30 Jul 2015, at 15:20, Nick Cutting ncutt...@edgetg.co.uk wrote:
I've tried running BGP on the ASA, just few routes, seems to work fine.
But now I may need to take in a whole lot more, in a location that only has a
pair of ASAs in Asia.
I
On 31 Jul 2015, at 10:23, Nick Cutting ncutt...@edgetg.co.uk wrote:
Just got confirmation that it is ~22,000 routes. 4 gig of ram on a 5515x.
should be fine.
However, I'm worried that no one is doing this, anywhere.
There’s quite a number of ASA edge deployments around the world, and
I've tried running BGP on the ASA, just few routes, seems to work fine.
But now I may need to take in a whole lot more, in a location that only has a
pair of ASAs in Asia.
I cannot find any documentation about routing limits on the ASA, except for
IGP, which states as many as the
On 30 Jul 2015, at 15:20, Nick Cutting ncutt...@edgetg.co.uk wrote:
I've tried running BGP on the ASA, just few routes, seems to work fine.
But now I may need to take in a whole lot more, in a location that only has a
pair of ASAs in Asia.
I cannot find any documentation about
Hi all,
I want to use a 5520 cluster 9.1.6 as VPN concentrator for branch
offices with 800 series routers. There will be a bunch of IPSec-RSA
tunnel profiles. Planned workflow is, for every profile separate self
generated via openssl ca and one certificate for the router and one for
the
Newbie alert here...
We had an upgrade done from an older 5540 model. Currently working fine,
but our next step is to move the two 1gb interfaces in use to the 10gb
interfaces. I remember doing this years ago on an even older 5520 when one
of the interfaces had gone bad. Switching it was not
From: dale.shaw+cisco-...@gmail.com
To: madu...@gmail.com
CC: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA
Hi madunix,
On Wed, Feb 11, 2015 at 7:26 PM, madu...@gmail.com madu...@gmail.com
wrote:
I would like to block the following ports: 135,137,138,139,445,593,
tcp/udp on my
@puck.nether.net
Subject: Re: [c-nsp] ASA
Hi madunix,
On Wed, Feb 11, 2015 at 7:26 PM, madu...@gmail.com madu...@gmail.com
wrote:
I would like to block the following ports: 135,137,138,139,445,593,
tcp/udp on my Firewall
[...]
Well, what you need to do, is figure out how to block those
-nsp] ASA
Hi madunix,
On Wed, Feb 11, 2015 at 7:26 PM, madu...@gmail.com madu...@gmail.com
wrote:
I would like to block the following ports: 135,137,138,139,445,593,
tcp/udp on my Firewall
[...]
Well, what you need to do, is figure out how to block those ports, perhaps
by modifying
Correct.
David.
On 2/11/2015 4:22 AM, Alan Buxey wrote:
Going from 0 to 100 . That's a default block on the ASA platform isn't it?
alan
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
First, a couple things to be aware of on the ASA:
1) All inbound traffic (from unprotected -- protected network) is
Denied by default. You must explicitly permit the traffic you want via
an interface ACL.
2) All outbound traffic (from protected network -- unprotected network)
is Permitted by
From: dwhit...@cisco.com
To: matt.addi...@lists.evilgeni.us
CC: joshua.riesenwe...@outlook.com; dale.shaw+cisco-...@gmail.com;
madu...@gmail.com; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA
Hi Matt,
You are correct. Once you apply an ACL (any ACL) to an interface
Hi madunix,
On Wed, Feb 11, 2015 at 7:26 PM, madu...@gmail.com madu...@gmail.com
wrote:
I would like to block the following ports: 135,137,138,139,445,593,
tcp/udp on my Firewall
[...]
Well, what you need to do, is figure out how to block those ports, perhaps
by modifying the 'in'
Going from 0 to 100 . That's a default block on the ASA platform isn't it?
alan
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
I would like to block the following ports: 135,137,138,139,445,593,
tcp/udp on my Firewall
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.16.0.4 255.255.255.0 standby 10.16.0.5
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address
+1100
From: dale.shaw+cisco-...@gmail.com
To: madu...@gmail.com
CC: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA
Hi madunix,
On Wed, Feb 11, 2015 at 7:26 PM, madu...@gmail.com madu...@gmail.com
wrote:
I would like to block the following ports: 135,137,138,139,445,593,
Hi All,
Been searching through the archives and haven't seen this setup, wondering
if anyone has done this and has any pointers...
I'm attempting to do SSL VPN termination on a pair of Cisco ASA 5500 (active
failover). To do auto-login without storing the username/password on the
client machine I
On Thu, Dec 18, 2014 at 00:29:48, Kris Amy wrote:
Subject: [c-nsp] ASA 5500 SSL VPN Auth
Hi All,
Been searching through the archives and haven't seen this setup, wondering
if anyone has done this and has any pointers...
What pointers are you looking for? I've done a configuration like
On 12/18/2014 12:29 AM, Kris Amy wrote:
Been searching through the archives and haven't seen this setup, wondering
if anyone has done this and has any pointers...
I'm attempting to do SSL VPN termination on a pair of Cisco ASA 5500 (active
failover). To do auto-login without storing the
:29:48, Kris Amy wrote:
Subject: [c-nsp] ASA 5500 SSL VPN Auth
Hi All,
Been searching through the archives and haven't seen this setup,
wondering
if anyone has done this and has any pointers...
What pointers are you looking for? I've done a configuration like this
before for Kiosks
...@gmail.com
Date: Monday, 1 September 2014 16:24
To: ryanL ryan.lan...@gmail.com
Cc: cisco-nsp@puck.nether.net NSP cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] asa 5510, remote access vpn, resources across
lan-to-lan
Resent-From: Steve Housego steve.hous...@it-ps.com
Hi,
it could be nat but this depends
Kougoulos john.kougou...@gmail.com
Date: Monday, 1 September 2014 16:24
To: ryanL ryan.lan...@gmail.com
Cc: cisco-nsp@puck.nether.net NSP cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] asa 5510, remote access vpn, resources across
lan-to-lan
Resent-From: Steve Housego steve.hous...@it-ps.com
hi,
i'm hopefully going to find someone who's done this before, or who has
better google-fu than me. asa is not my strong suit.
i have users vpn'ing (ipsec) into one 5510, accessing various corp
resources there. the vpn pool isn't routed - i just nat it to one of the
various inside interfaces
Hi,
it could be nat but this depends on your routing config. It could also be
that this command is required:
same-security-traffic permit intra-interface
Regards,
John
On Mon, Sep 1, 2014 at 4:57 PM, ryanL ryan.lan...@gmail.com wrote:
hi,
i'm hopefully going to find someone who's done this
if you're not bypassing interface
ACL's in your VPN config.
SteveH
-Original Message-
From: John Kougoulos john.kougou...@gmail.com
Date: Monday, 1 September 2014 16:24
To: ryanL ryan.lan...@gmail.com
Cc: cisco-nsp@puck.nether.net NSP cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] asa 5510
I have someone with an ASA5510 that is still running on 8.2.2 code, and has
asked me an interesting question so I thought I would post and see if anyone
has any solution, as my google fu seems to have failed me on this one.
I have the following scenario in play:
Internet ASA5510
:40 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA 5520 icmp error inspection not functioning after
upgrade
On May 4, 2014, at 11:16 AM, vinny_abe...@dell.com wrote:
I've always allowed echo-reply in the outside interface as well as
ttl-exceeded in the access-list applied
On May 4, 2014, at 11:16 AM, vinny_abe...@dell.com wrote:
I've always allowed echo-reply in the outside interface as well as
ttl-exceeded in the access-list applied to it.
You should also allow ICMP type-3/code-4, or you're breaking PMTU-D.
Hi ASA firewall gurus,
I recently upgraded a pair of ASA 5520's from 8.2(5)48 up to 9.1(5). I followed
the outlined upgrade path. I've got a DMZ with public IP's and no NAT involved
on one interface. Here, everything works as expected. There is another inside
interface which has dynamic NAT
Hi,
What kind of a webfilter are you using ? I am asking this because ASA
can interact directly with some commercial products and you can do URL
filtering easily directly on the firewall.
In the schema that you proposed, traffic will return from ASA to the
webfilter machine and then back to
Hello,
We currently have our gateway / web filter routing setup in this manner:
lan --- 2921 ---asa(firewall) ---internet
|
-- web filter
So the traffic destined to the internet that is not supposed to be filtered
goes right through the router to the asa. The
I'm trying to do a quick and dirty add to a 9.1(3) ASA running WebVPN to allow
a contractor in without having to create them an account on our main directory
server. In IOS land, I could specify local auth before a server group and it
would work fine. It seems that in ASA land you can only
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Jason Lixfeld
Sent: Wednesday, November 20, 2013 2:14 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASA equiv to aaa login local group blah
I'm trying to do a quick and dirty add to a 9.1(3) ASA
Not having fun with TAC, let me ask the real experts :)
ASA-5585X running 8.4(7), recent upgrade in response to last month's
security advisories against the 8.4 code we were running...
Now getting a number of the %ASA-3-305006 regular translation creation
failed errors logged, typically for
One more thing to consider since it's not clear which 10G modules you're
using in your 3750-X stack: only the C3KX Service Module (C3KX-SM-10G)
supports full NetFlow (and only then for its two 10GbE ports). The normal
Network Module (C3KX-NM-10G) doesn't.
- J
On 10/24/2013 3:41 PM, Michael
On Oct 25, 2013, at 1:24 AM, cisco-nsp-requ...@puck.nether.net wrote:
[c-nsp] ASA 5525x netflow and cisco 3750x netflow
, then start working your way back to the
ASA and 3750x.
-Vinny
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Michael
Sprouffske
Sent: Thursday, October 24, 2013 3:42 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASA 5525x netflow and cisco
Is it possible to mix SSP and IPS SSP models? For example SSP-20 with
IPS SSP-40? When I mixed them I could not bring up the IPS SSP.
Thanks
No, the SSP modules must match.
Sincerely,
David.
On 10/25/2013 2:26 PM, Yang Yu wrote:
Is it possible to mix SSP and IPS SSP models? For example SSP-20 with
IPS SSP-40? When I mixed them I could not bring up the IPS SSP.
Thanks
I am struggling to get netflow off this box to my prtg server. I set
everything up per cisco documents and I see that udp export packets are being
sent from the ASA. I never receive those on my prtg server. I have several
other devices setup and working just fine ( a bunch of routers). Is
Hi Michael,
If you see the UDP netflow packets leaving the ASA (via say a capture
from the ASA), and they are destined to the prtg server, then the issue
is downstream of the ASA. I would focus the troubleshooting there.
Sincerely,
David.
On 10/24/2013 3:41 PM, Michael Sprouffske wrote:
I am
...@netcabo.pt amsoa...@netcabo.pt
http://www.ccie18473.net/ http://www.ccie18473.net
From: Karl Putland [mailto:k...@simplesignal.com]
Sent: sexta-feira, 20 de Setembro de 2013 19:14
To: Antonio Soares
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA 5585-X upgrade error
You have
Hello guys,
I was preparing a few 5585-X upgrades to 8.4.6.5 and I got this:
+
FW# copy ftp: disk0:
Address or name of remote host [x.x.x.x]?
Source filename [asa846-5-smp-k8.bin]?
Destination filename
You have to go to 9.1.2 first, then upgrade to 9.1.3
I just hit this today too.
--Karl
Karl Putland
Senior Engineer
*SimpleSignal*
Anywhere: 303-242-8608
http://www.simplesignal.com/explainer_video.php
On Fri, Sep 20, 2013 at 12:08 PM, Antonio Soares amsoa...@netcabo.pt wrote:
Hello guys,
On Fri, 20 Sep 2013, Antonio Soares wrote:
I was preparing a few 5585-X upgrades to 8.4.6.5 and I got this:
...
Destination filename [asa846-5-smp-k8.bin]?
...
No Cfg structure found in downloaded image file
Perhaps your ASA image is corrupted? Did you compare the MD5 signature of
the file
Hello group,
Strange issue, duplicate ACE entries are detected in the configuration, then
when one of the duplicate entries is removed (using the line keyword),
remote access to the device is lost. Then on the console a show run causes a
crash. The Firewall is a pair of 5585-X running 8.4.3.9.
OK, I'm slammed right now, but they are talking about upgrades of our ASA's
to 9.1. we are currently on 8.4 train. Is there a big difference like 8.2
to 8.4 there was?
or is this the typical type upgrade?
I just need to let them know how much time it's going to take to research
and implement.
On Tue, 6 Aug 2013, Scott Voll wrote:
OK, I'm slammed right now, but they are talking about upgrades of our ASA's
to 9.1. we are currently on 8.4 train. Is there a big difference like 8.2
to 8.4 there was?
or is this the typical type upgrade?
I just need to let them know how much time it's
Dear Friends
I'm getting the following error in ASA in CSM whenever I'm clicking on
Address Pools, Translation Options Translation Rules under NAT section.
This data for this policy is locked by activity/user:
abc.
After couple of restart and performing steps in the following links
...@puck.nether.net] On Behalf Of
vinny_abe...@dell.com
Sent: Monday, July 08, 2013 3:58 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASA 5585-X SSP-10 multi-context failover not stateful with
IPv4
Hi all,
I have a bizarre situation that isn't making sense to me.
I have two ASA 5585-X firewalls
, 8 de Julho de 2013 20:11
To: amsoa...@netcabo.pt; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ASA 5585-X SSP-10 multi-context failover not stateful
with IPv4
No, just static routes in this environment. And I'm running a version that
is already supposedly fixed, 9.1(2) as this was fixed in 9.1
Hi all,
I have a bizarre situation that isn't making sense to me.
I have two ASA 5585-X firewalls with SSP-10. They are in an Active/Standby
configuration and running in multi-context mode. I have replication of state
information between them working just fine. We're running both IPv4 and IPv6
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
vinny_abe...@dell.com
Sent: segunda-feira, 8 de Julho de 2013 14:58
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASA 5585-X SSP-10 multi-context failover not stateful with
IPv4
Hi all,
I have a bizarre situation that isn't making sense to me.
I
-nsp@puck.nether.net
Subject: RE: [c-nsp] ASA 5585-X SSP-10 multi-context failover not stateful with
IPv4
Are you running OSPF ? If yes, check this bug:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fet
chBugDetailsbugId=CSCuc12967
Regards,
Antonio Soares, CCIE #18473
ASA 5515-X has no power switch, only power button.
Is there a way to set the ASA to automatically start after power failure?
Thank you for help
Vladimir
ASA 5515-X has no power switch, only power button.
Is there a way to set the ASA to automatically start after power failure?
Thank you for help
Vladimir
It takes a minute but the asa5500-x series will actually power on once power
resumes without any assist.
Not sure why it takes so long, but it
I'm guessing that there's some 'wait' algorithm to ensure that the power is
back and 'stable' rather than coming straight back up when the juice arrives.
.. otherwise things could get interesting if the power is wibbling up/down
alan
Il 12/06/2013 05:44, Phil Fagan ha scritto:
Looking for some insight on how Cisco handles the VPN traffic; return
traffic and possible routed tunnel interfaces for use with routing
protocols.
I don't see a whole lot out there about site-to-site VPNs and interop
between Cisco and Juniper using
It looks like it's doable, but annoying for OSPF anyway.
https://supportforums.cisco.com/message/3025822#3025822
www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml
On Wed, Jun 12, 2013 at 12:06 AM, Michele Bergonzoni berg...@labs.it wrote:
Il
Il 12/06/2013 09:42, Mike Hale ha scritto:
It looks like it's doable, but annoying for OSPF anyway.
ospf network point-to-point non-broadcast
neighbor 40.40.40.2 interface outside
You proved me wrong, but for some reason I'm not so excited... I
completely overlooked the internet-as-a-NBMA
Thanks Mike; looks pretty straight forward - I'll give it a whirl.
On Wed, Jun 12, 2013 at 1:42 AM, Mike Hale eyeronic.des...@gmail.com wrote:
It looks like it's doable, but annoying for OSPF anyway.
https://supportforums.cisco.com/message/3025822#3025822
Any ASA SME's out there?
--
Phil Fagan
Denver, CO
970-480-7618
On Tue, 11 Jun 2013, Phil Fagan wrote:
Any ASA SME's out there?
It's helpful to know more about what you're looking for in particular.
jms
Looking for some insight on how Cisco handles the VPN traffic; return
traffic and possible routed tunnel interfaces for use with routing
protocols.
I don't see a whole lot out there about site-to-site VPNs and interop
between Cisco and Juniper using dynamic routing protocols.
Any pointers would
to
respond, the CSC can slow to a crawl..
---
Howard Leadmon
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Michael Sprouffske
Sent: Thursday, May 30, 2013 2:56 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] asa ssm-csc-10 module
I
I installed the module and it appears that the url filtering does not work
correctly. If I have url filtering on, web pages take 60-90 sec to load. If I
turn off the filtering then the pages load right away. Anyone have experience
with this? Is the content module just a poor choice to use?
Hi,
We got a ASA5585-X SSP20 with a site to site IPSEC VPN between two of our POPs.
Both firewalls are with identical hardware and software versions (8.4(5)), the
VPN is configured with P1: IKEv1 AES/SHA and P2: ESP AES/SHA w/ Tunnel mode.
We had issues when the IPSEC VPN stops passing traffic
Hi all,
I recently bought a couple of ASA 5505s for my remote sites. Before I deploy
them, I wanted to check to see if there's any newer software available. When I
logged into the Cisco downloads site, it looks like the only releases are ED or
Interim. Is there a generally accepted best
Hello
Three zones/interface are used on ASA
Internet - security level 0
Inside - security level 100 with ipsec configured for vpn clients
DMZ - security level 100
Traffic from Inside to Internet works fine without ACL.
Traffic from DMZ to Internet works when ACL is applied.
As per my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 3/20/2013 11:05 AM, Muhammad Jawwad Paracha wrote:
Hello
Three zones/interface are used on ASA
Internet - security level 0 Inside - security level 100 with ipsec
configured for vpn clients DMZ - security level 100
Traffic from Inside to
On Wed, Mar 20, 2013 at 17:08:48, Dave Brockman wrote:
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA Query
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 3/20/2013 11:05 AM, Muhammad Jawwad Paracha wrote:
Hello
Three zones/interface are used on ASA
Internet - security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 3/20/2013 5:34 PM, Ryan West wrote:
On Wed, Mar 20, 2013 at 17:08:48, Dave Brockman wrote:
Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ASA Query
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 3/20/2013 11:05 AM, Muhammad Jawwad
On Wed, Mar 20, 2013 at 17:49:48, Dave Brockman wrote:
Subject: Re: [c-nsp] ASA Query
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 3/20/2013 5:34 PM, Ryan West wrote:
On Wed, Mar 20, 2013 at 17:08:48, Dave Brockman wrote:
Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ASA Query
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 3/20/2013 5:52 PM, Ryan West wrote:
On Wed, Mar 20, 2013 at 17:49:48, Dave Brockman wrote:
Subject: Re: [c-nsp] ASA Query
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 3/20/2013 5:34 PM, Ryan West wrote:
On Wed, Mar 20, 2013 at 17:08:48
On Thu, 2013-02-21 at 16:47 +0100, Peter Rathlev wrote:
What we see by debugging is that the ones failing never seem to send
the ID_IPV4_ADDR_SUBNET ID payload with their remote LAN network.
We tried using an IPsec-over-TCP tunnel on one of the affected devices
for some days and it seems to