About Youreateapot418

Youreateapot418 · 03-20-2025

We have noticed on the ASA that the IKE parameters are declared in a Global list. I'm assuming during phase one, each setting would be tested for "best fit", selected, then move into phase 2.Is there a way to hard code the Phase one settings (encrypt...

Youreateapot418 · 02-20-2025

So, before anyone goes on the "just design a better solution" train. This is more for educational purposes.We had a lab setup, which when a failover happened, the PAT session was oblivious to this, so stayed "UP". However, the client system knew, so ...

Youreateapot418 · 02-19-2025

I have a s2s tunnel setup between 2x ASA's.It works fine and I can ping fine between users A & B. (192.168.100.2 <-> 192.168.200.2)However, if I try to ping from the Inside int, to the user on the other side, so same subnet, it gets blocked.ASA A Ins...

Youreateapot418 · 01-17-2025

I have an ASA 5506 that I had ROMMON access to....I was doing a password recovery, so was surveying the menu settings.... I'm pretty certain now I selected yes to: disable "display break prompt"? Now I am in a position where the break key doesn't loa...

Youreateapot418 · 01-12-2025

Like the title says, I am looking to setup a connection to an endpoint, but, with connectivity via 2 x IKEv2 tunnels (I've only even done single tunnels). It appears to me that if we set them up in paralell, we would run into all sorts of NAT issues ...

Youreateapot418 · 03-21-2025

This is exactly the info I was looking for, thank you Rob!

Youreateapot418 · 03-21-2025

That's what I thought... however, if you have say for:priority 1 = sha512 , aes 256 gcm, timeout 86400 secondspriority 2 = sha512 , aes 256 gcm, timeout 28800 secondsThe far end say they have only the option for:sha512 , aes 256 gcm, timeout 28800 se...

Youreateapot418 · 02-24-2025

Tried this, same issue. Hits default rule.

Youreateapot418 · 02-19-2025

so I've opened to rules up completely and my current rules on ASA1 are:InsideIncomingany4 to any4 ip allowOutgoingany4 to any4 ip allowTunnel-VTI1 Incomingany4 to any4 ip allowOutgoingany4 to any4 ip allowUser A <-> User B works fineInside-ASA1 <-> U...

Youreateapot418 · 02-19-2025

I had a feeling it was something fundamental on the ASA's. I can do the management setup in the lab, but doubt I will be able to do so in production, but definitely good to know!Thanks Aref!

Member Since	‎10-24-2023 05:27 AM
Date Last Visited	‎04-29-2025 11:19 AM
Posts	37
Total Helpful Votes Received	4

User Statistics

User Activity

Is there a way to hard select IKE parameters on an ASA?

PAT query (TCP) (in general, but also ASA specific)

Do ASA's block ping from an interface to a network via another int?

Access lost to ROMMON on ASA 5506

Single ASA connects to end point via 2 separate IKEv2 s2s tunnels

Re: Is there a way to hard select IKE parameters on an ASA?

Re: Is there a way to hard select IKE parameters on an ASA?

Re: Do ASA's block ping from an interface to a network via another int

Re: Do ASA's block ping from an interface to a network via another int

Re: Do ASA's block ping from an interface to a network via another int