About esa_fresa

esa_fresa · 06-06-2018

We are sending traffic sourced from the ASA's inside interface over our l2l vpn tunnel. We need to NAT the inside interface's IP address. NAT works when we ping *to* the inside interface over the tunnel; we receive replies and we see hit counts on th...

esa_fresa · 05-03-2018

When I attempt download a file from our public FTP server to any of our 3850's I get the below error message. %Error opening ftp://*****:*****@11.22.33.44/cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin (Incorrect Login/Password) I'm using this com...

esa_fresa · 05-01-2018

We have a single router (4331) that connects to our ISP. We do PAT (dynamic nat) to give users internet access. Now typically we'd have an OUTSIDE-IN ACL that blocks traffic from the internet. My question is, if we're using PAT and have no static 1-t...

esa_fresa · 05-01-2018

We're performing an upgrade and will need to reboot our ESA (C100v). We were told to suspend the listeners prior to reboot and make sure there's no mail left in the queue. My question is, does our email server still receive emails while the listeners...

esa_fresa · 04-24-2018

You can see the bgp topology table that I have two routes for 10.32.0.0/16. The one for EIGRP is put into the routing table even though BGP has the lower administrative distance. Can someone help me understand why this is the case? And how would I ch...

esa_fresa · 06-11-2018

Oh for sure, I love the asa model. This is just an annoying limitation of it.

esa_fresa · 06-11-2018

So I read on another forum post that the ASA will never NAT traffic sourced from its own address. Looks like that's the issue.The ASA also doesn't seem to have an "always up" interface like a loopback, so I think i'm out of luck on getting this to wo...

esa_fresa · 06-08-2018

Does anyone have any ideas on this?

esa_fresa · 05-09-2018

We ran a packet capture on the ftp server and tcp debugs on the switch. Both sides were saying the other one sent a tcp reset packet. The issue turned out to be an IPS appliance sending (spoofing) RST packets to both the server and the client.

esa_fresa · 05-08-2018

@mickyq Hey Mickyq, would you mind marking the response about the ISP as the answer? Sounds like quite a few people are having this same problem.

Member Since	‎05-03-2015 08:06 AM
Date Last Visited	‎08-24-2018 02:02 AM
Posts	105
Total Helpful Votes Received	30

User Statistics

User Activity

NAT only works in one direction

FTP to 3850 fails, incorrect username/password

Is an ACL needed when using PAT?

ESA - What happens to email if listeners are suspended?

Why is EIGRP ahead of BGP in my routing table?

Re: NAT only works in one direction

Re: NAT only works in one direction

Re: NAT only works in one direction

Re: FTP to 3850 fails, incorrect username/password

Re: Ignoring IKE SA (dst) witho ut VM bit set