We have noticed on the ASA that the IKE parameters are declared in a Global list. I'm assuming during phase one, each setting would be tested for "best fit", selected, then move into phase 2. Is there a way to hard code the Phase one settings (encrypt...
So, before anyone goes on the "just design a better solution" train. This is more for educational purposes. We had a lab setup, which when a failover happened, the PAT session was oblivious to this, so stayed "UP". However, the client system knew, so ...
I have a s2s tunnel setup between 2x ASA's. It works fine and I can ping fine between users A & B. (192.168.100.2 <-> 192.168.200.2) However, if I try to ping from the Inside int, to the user on the other side, so same subnet, it gets blocked. ASA A Ins...
I have an ASA 5506 that I had ROMMON access to....I was doing a password recovery, so was surveying the menu settings.... I'm pretty certain now I selected yes to: disable "display break prompt"? Now I am in a position where the break key doesn't loa...
Like the title says, I am looking to set up a connection to an endpoint, but, with connectivity via 2 x IKEv2 tunnels (I've only ever done single tunnels). It appears to me that if we set them up in parallel, we would run into all sorts of NAT issues ...
That's what I thought... however, if you have say for: priority 1 = sha512, aes 256 gcm, timeout 86400 seconds; priority 2 = sha512, aes 256 gcm, timeout 28800 seconds. The far end say they have only the option for: sha512, aes 256 gcm, timeout 28800 se...
So I've opened the rules up completely and my current rules on ASA1 are: Inside: Incoming: any4 to any4 ip allow; Outgoing: any4 to any4 ip allow. Tunnel-VTI1: Incoming: any4 to any4 ip allow; Outgoing: any4 to any4 ip allow. User A <-> User B works fine. Inside-ASA1 <-> U...
I had a feeling it was something fundamental on the ASA's. I can do the management setup in the lab, but doubt I will be able to do so in production, but definitely good to know! Thanks Aref!