Hi, I am trying out EzVPN with split dns. On the IOS EzVPN server, the split-dns is "test.com"
crypto isakmp client configuration group mine
 key cisco
 dns 10.20.30.40
 pool mine
 split-dns test.com
 split-dns www.win2003.com
I have connected IOS router as a clien...
Hi all, With pre-shared key, if I need to initiate an aggressive site to site IPSec connection, I configure the following:
crypto isakmp peer hostname ciscoasa
 set aggressive client-endpoint fqdn ciscoasa
 set aggressive password cisco
But if I am going t...
Hi, With ASA failover in transparent mode, I don't see the mac-address-table replicated from the primary to secondary unit. Any comments... With regards, Kings
If I shut down a monitored physical interface, the active ASA doesn't switch over to standby. Shutdown also brings the communication down. It should also be considered as a reason to trigger the failover.
Hi all, I am trying two solutions for getting "traceroute" across ASA to work. First solution is working for me but the second solution is not working. Am I missing something? Solution 1: Allowing the "time-exceeded" and "unreachable" to outside interf...
It should work fine. With Anyclient, the traffic will come through the WAN interface, then virtual-template and then only to the LAN interface. So the solution is that you need to create a zone and associate the zone to the virtual-template. Since...
Hi Jay, You definitely need a Key Server as that is the router which is going to push the security policies to the Group members. But it can't be part of the IPSec connections, i.e., not a Group member. You can run other services and features on that router. ...
When you use IPSec with certificates, the peers send the IKE identity with hostname, not the IP address, in the IKE messages. Hence you need a tunnel group matching the hostname that is being sent in the IKE messages. If you want to match any parameters...
Hi, DMVPN only encrypts the traffic that goes through the tunnel. If you want split tunneling, then you need to just have the routing protocols in the DMVPN hub or spokes advertise the networks that need to be encrypted. By doing this, routes will ...
To which interfaces have you mapped vlan 1 and 2? If you have connected the client in "client mode" you can't ping them from the main internal network to the remote clients. You can only ping from remote client to internal network behind the ASA. With...