Hi all, I am looking for help in setting up address translation on an ASA (version 7.2) with the following scenario: -- four network interfaces: inside, DMZ1, DMZ2, outside -- inside and DMZ1 have limited number of subnets, DMZ2 has many subnets (routin...
On a VPN client configured for mutual group authentication to a VPN 3000 headend, is it possible to restrict which root certificate is matched against the VPN concentrator's identity certificate? Background: multiple CA root certificates are installed...
Hi all, can anybody help me with the following problem: a Cisco VPN client (4.0.5D) connects to different VPN 3000 concentrators (all on 4.1.7A) using certificate based authentication. During IKE negotiation (main mode), the payload with which the cli...
Hi, I've seen that, too -- my guess is that this indeed is a bug: the ASA 5505 internally has switch ports only, which are kept separate by using VLANs. Apparently, the 5505 SNMP agent is smart enough to show the VLAN interface names and addresses, bu...
Hello zulgurnain, thank you, basically this would work. Unfortunately, DMZ2 has a couple of hundreds of subnets, which also change frequently (this is why I use a routing protocol on that interface). Therefore, I am looking for a configuration where I...
Ordering the list does not help, because I want only to match against certain of all installed root certificates. Thanks nevertheless ... in the meantime, I found something: -- VPN client version 4.0.5: no restriction possible, only the certificate sto...
Hello "ehirsel", the client is running on Windows XP Professional SP1. In both cases, "IPSec over NAT-T" is configured, which does a NAT detection and uses the UDP port 4500 if NAT is required. In all test cases, client side NAT was detected, and no N...