About jbalchunas

jbalchunas · 12-15-2008

I recently configured and installed ASA-5520s as a replacement for EOL PIX-525 set. This new configuration utilizes sub-interfaces for partner connections. Traffic is passing through the interfaces, but I am curious as to why the sub-interfaces are...

jbalchunas · 11-11-2008

I have two IPS 4240s that may be placed between our internal network and our extranet firewall. The firewall set is your standard ASA-5520 active/failover pair connected to two switches.Q1 - If I am not worried about atomic attacks, is there any oth...

jbalchunas · 12-13-2007

Does anyone know if there is a way to export a list of accounts set to expire in CS ACS (Windows)? I do not see any such option in the GUI or in the CSUtil utility.

jbalchunas · 12-03-2007

I'm troubleshooting a site-to-site VPN tunnel between our Cat 6506 w/ VPN module to peer's PIX-515. The peer's crypto config appears to be incorrect and has two tunnels built between it and our VPN module.Example:!crypto map mymap 1 match address ac...

jbalchunas · 03-11-2009

Second question first - When a new failover mate powers up, regardless of Primary or Secondary, the Active partner does not automatically change over to the configured Primary. An event has to occur to cause the current Active mate (Primary or Secon...

jbalchunas · 03-10-2009

I can't say that I have seen this. I just tested the procedures I listed above on a pair of old PIX-525s and got the desired results twice - once with Serial-based failover and again with LAN-based failover. I do have to note that one command is mi...

jbalchunas · 01-05-2009

You're welcome.

jbalchunas · 12-20-2008

The 'failover group' command is only for active/active pairs in multiple context mode.REF:http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/ef.html#wp1927152And the new ASA will not push over a blank config, it will receive the con...

jbalchunas · 12-19-2008

First thing to keep in mind is that your replacement firewall should be the same model, version of ASA OS and license-type as the original.Configuration is rather simple (assuming the above is true and you are connecting to the same ports the old fir...

Member Since	‎10-12-2005 12:15 AM
Date Last Visited	‎08-18-2017 03:55 AM
Posts	22
Total Helpful Votes Received	10

User Statistics

User Activity

ASA 5520 - Failover monitoring of sub-interfaces

IPS 4240 Design Question

Export Expiring Accounts in CSACS

PIX Crypto Tunnel Selection

Re: Failure of primary FW seconday now active-replacing primary

Re: Failure of primary FW seconday now active-replacing primary

Re: Failure of primary FW seconday now active-replacing primary

Re: Failure of primary FW seconday now active-replacing primary

Re: Failure of primary FW seconday now active-replacing primary