Hi,I have the following scenario: Outside | ASA--DMZ (valid IP range/28) | Inside (10.0.0.0/20) I need to set up the ASA so that traffic originating from a DMZ host, with destination being the ASA's outside IP address and port 25/tc...
we are trying to implement per user split tunneling using ACS. In the past attribute ipsec-split-tunnel-list was used for ipsec clients and that works fine. Tested with any connect and this attribute does not appear to work. Questions:Is this attribu...
Hello,i have installed and configured 2 ASA5510 in failover (Active/Standby) and everything work fine, when the primary unit(active) fails, the secondary unit(Standby) assumes the role of active, however, when the primary unit (standby) returns to it...
If I issued "show threat-detection rate"I dont know what is different between Trigger and Event(Average(eps) and Current(eps))?How are measure and increment both parameters??I read all documentation but I still understand this topic.
Hi all,I have read through countless posts on my question and have gleaned a lot of information from them.My scenario is this.We have a 6500 core connected to two ASA's in active/standby mode. The ASAs are connected to two 3550 switches which are pro...
hi,I am trying to publish a web site on 80.2.100.85/80 and access it from 78.109.177.183. when I try to access the server on port 80, I get the following log message: Deny tcp src WAN:78.109.177.183/64679 dst PRG_LAN:80.2.100.85/80 by access-group "P...
Hi All,I'm trying to NAT the source address of incoming ssl traffic to the physical inside interface. So on the inside network all ssl traffic should be sourced from the inside interface. Does anyone know if this is possible? I was trying something l...
Hello,I hope someone has met this issue and found a solution.We have two sites with an ASA 5520 in each. We use ipsec l2l between the sites. My problem is that after upgrading to 8.2 an interesting and pesky problem arised. After the SA expires it re...
guys, the only way I can access my ASA is via SSH. It asks me for username which I put "pix" and for the password, I put the enable password I created.This however only gets me half way in because it then asks for the enable password. I type the enab...
I am seeing the following in the ASA syslog:[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 43 per second, max configured rate is 5; Cumulative total count is 26209According to...
Hi there,I have a funny problem.I build up a hub and spoke VPN, with RAS Client VPN access for the central location.All tunnels and the RAS VPN access are working fine. I use the tunnels for Voip, terminal server access and a few other services.The o...
Given the following config,host 192.168.0.1 should only open ports 80, 5067 to the outside world and should be able to access the web on port 80 and outside smtp servers on port 25 only.The problem is that host 192.168.0.1 allows all traffic in and...
Does anyone know of a way I can setup SSL VPN to allow users to remote desktop into their own individual PCs? I am looking into a way to allow a number of normally non-remoting, mostly non-technical users remote access back to their PCs. Our normal r...
