Hi, Is there any list or way of finding out which Cisco products support 802.1ag / ITU Y.1731 “ETH-BN” bandwidth notification messages? Ideally there’s a firewall that can do it. I’ve seen various forum posts that say it’s either not fully implemente...
Hello,
I have a site-site VPN between a Cisco ASA & a non-Cisco device. The 'sites' are sensors, which only have a couple of IPs so they're on /29 networks. I needed to add more sites, so copied the original VPN settings using the ASDM.
The sites...
Hello,
I am trying to configure an ASA5512-X to allow remote-access VPN and also site-site VPN. The interfaces are fairly straightforward - 'outside' interface goes out to the internet, 'DMZ' has a couple of sub interfaces for a webserver, database ...
Hello,
I've spent hours going round in circles trying to work out what I'm doing wrong here. I have a server in the DMZ on one ASA 5512 interface, and an internal network on a different one. What I want to do is to make the DMZ host accessible on t...
Hello,
I'm trying to add an ASA Firewall to an existing network.
The topology looks a little like this:
192.168.0.0/24 -------> 172.10.1.0/24 (router @172.10.1.1) ------> < new ASA > ---------> (router @ 172.10.1.5) -----> 172.20.1.0/24
In words:...
Thank you both for your assistance, I now know where to start looking and am confident you've got me on the right track.
The crypto ACL list only contains the 192.168.x.x addresses, so you're right, 8.8.8.8 isn't something it would know about. Yo...
Ok thanks, so client will appear on the outside interface, then there will be NAT/ACL into the network.
1). The NAT entry will NAT the VPN address pool into the relevant network.
2). The ACL will check the address pool & users to allow.
Correct?
M...
That NAT rule you gave me has worked!!!... but I don't understand why!! Can you please explain the difference between the rule within the object and your manual statement?
The new packet trace has a different first step;
packet-tracer input INTERN...
Here's the output. I think you're on to something. It doesn't look like nat is doing anything...?
# packet-tracer input INTERNAL-VLAN icmp 172.16.10.15 $
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Info...