About kicharle

kicharle · 10-27-2009

HiI am trying out EzVPN with split dns.On the IOS EzVPN server, the split-dns is "test.com"crypto isakmp client configuration group minekey ciscodns 10.20.30.40pool minesplit-dns test.comsplit-dns www.win2003.comI have connected IOS router as a clien...

kicharle · 10-16-2009

Hi allWith pre-shared key, if I need to initiate an aggressive site to site IPSec connection, I configure the following:crypto isakmp peer hostname ciscoasa set aggressive client-endpoint fqdn ciscoasa set aggressive password ciscoBut if I am going t...

kicharle · 10-05-2009

Hi With ASA failover in transparent mode, I don't see the mac-address-table replicated from the primary to secondary unit. Any comments...With regardsKings

kicharle · 09-30-2009

If I shuthown a monitored physical interface, the active ASA doesn't swtich over to standby. Shutdown also brings the communication down. It should also be considered as reason to trigger the failover.

kicharle · 09-29-2009

Hi all I am trying two solutions for getting "traceroute" across ASA to work. First solution is working for me but the second solution is not working.Am I missing something? Solution 1 Allowing the "time-exceeded" and "unreachable" to outside interf...

kicharle · 12-08-2009

It should work fine.With Anyclient, the the traffic will come through the WAN interface, then virtual-template and then only to the LAN interface. So the solution is that, you need to create a zone and asscoiate the zone to the virtual-template.Since...

kicharle · 12-02-2009

Hi JayYou definitely need a Key Server as that is router which is going to push the security polices to the Group members. But it can't be part of the IPSec connections i.e., not a Group member.You can run other services and features on that router. ...

kicharle · 11-30-2009

When you use IPSec with certificates, the peers send the IKE identity with hostname not the IP address in the IKE meesages. Hence you need a tunnel group matching the hostname that is being sent in the IKE messages.If you want to match any parameters...

kicharle · 11-22-2009

HiDMVPN only encrypts the traffic that goes through the tunnel. If you want split tunneling, then you need to just have the routing protocols in the DMVPN hub or spokes to advertize the networks that needs to be encrypted. By doing this, routes will ...

kicharle · 11-20-2009

To which interfaces have you mapped vlan 1 and 2. If you have connected the client in "cleint mode" you can't ping them from the main internal network to the remote clients. You can only ping from remote client to internal network behind the ASA.With...

Member Since	‎09-20-2005 10:13 PM
Date Last Visited	‎08-18-2017 03:54 AM
Posts	18

User Statistics

User Activity

EzVPN with split dns

Initiating aggressive mode with IPSec

Failover with ASA in transparent mode

ASA switching over from Active to stanby

Traceroute across ASA.

Re: SSL VPN & ZFW

Re: Get VPN without Dedicated Key Server

Re: Differences when matching certificate rules.

Re: DMVPN and Split Tunneling

Re: ASA 5505 with Cisco VPN Client