About 640KB

640KB · 11-21-2024

Objective: Use ASA to support native VPN client for RA on current versions of Android, Windows 10/11 (and possibly others) using supported types such as IKEv2/IPSec+EAP/MSCHAPv2 for authentication.An ASA (ASA5516/9.12) is currently used for IKEv1/LT2...

640KB · 02-03-2022

I have what I think is a fairly straightforward configuration, though I cannot quite seem to get it working. I need to have a few different DMZ hosts with PAT on a specific IP (that's not the ASA interface IP), where also if one of these hosts initi...

640KB · 01-27-2022

On ASA IPv4 "dual ISP" failover is well documented (ex: here and here) and works well. Is this a supported feature for IPv6?Also, are there any technical documents that describe best practices for configuring IPv6 with two ISPs on a Cisco ASA?Thanks!...

640KB · 01-08-2025

Unfortunately no, I have not yet found a working solution to this.

640KB · 11-21-2024

Removed it on both tunnel-groups, but still getting hung up in the same place. I don't see any mentions of tunnel-groups/crypto maps in the debug, so is this happening before those?IKEv2-PROTO-4: (150): Searching policy based on peer's identity 'VPNG...

640KB · 11-21-2024

Right, that's the way I have it in that config. Should I remove the 'authentication-server-group' entirely then?

640KB · 11-21-2024

Yeah, that was the link I referenced - it had a lot of good information. Following as closely as I could is where I got where the policy was attempting to match on `IPv4 address` (which isn't how the example was working) so wasn't able to get any fur...

Member Since	‎01-27-2022 06:50 AM
Date Last Visited	‎01-15-2025 11:33 AM
Posts	7

User Statistics

User Activity

Cisco ASA IKEv2+IPSec Remote Access VPN

ASA Dynamic NAT with PAT, on static IP

ASA Dual ISP IPv6 failover

Re: Cisco ASA IKEv2+IPSec Remote Access VPN

Re: Cisco ASA IKEv2+IPSec Remote Access VPN

Re: Cisco ASA IKEv2+IPSec Remote Access VPN

Re: Cisco ASA IKEv2+IPSec Remote Access VPN