About Jason Lista

Jason Lista · 12-13-2021

Dilemma: Trying to make this ASA-5506X last a little longer. Issue noted on pen test that http security headers not set on the clientless vpn portal. Needs: 1) Firepower enabled (only works through 9.9.x)2) http-headers setting functionality (seem...

Jason Lista · 02-26-2015

Is that correct? It doesn't seem correct. I purchased an Anyconnect mobile license to add to my ASA 5505 which already had Anyconnect Essentials enabled. The activation key I received shows that I would be going from: License ...

Jason Lista · 10-15-2014

I have (had) a working AnyConnect VPN set up with no split tunnelling (U-turning/hairpinning traffic) with dual authentication (certificates and Active Directory credentials), running 8.2.5 code.I switched the SSL settings over from "Any" to "TLSv1 o...

Jason Lista · 03-26-2014

I have an AnyConnect VPN set up with no split tunnelling (U-turning/hairpinning traffic), running 8.2.5 code.This works great, but I want to allow the AnyConnect clients to access a site-to-site VPN as well, which I have been unable to do. I did chec...

Jason Lista · 12-15-2021

Thank you very much Marvin, much appreciated for the config guide. Any SSL service running will fail the pen test if the http-headers cannot be set, even if the keepout option is enabled.Looks like for any version that supports Firepower on the 5506X...

Jason Lista · 12-13-2021

Thanks Marvin, that does work to disallow access, but the portal page is still up. It seems once any kind of SSL VPN is up, the portal is available (even if just to download the anyconnect software). if the security headers are not able to be set, t...

Jason Lista · 09-16-2021

Is there any way to force the ASA to make the requests using its LAN IP on the inside interface?

Jason Lista · 07-09-2021

So believe it or not here I am again with this same problem, albeit with a different device (pfsense) on the other end. Still have:anyconnect client -> local network (inside) -> remote networks (ny2-network and ch1-network) (via site to site vpn)anyc...

Jason Lista · 02-26-2015

This did not work for me using self-signed auto-generated computer certificates, with Windows Server 2012 R2 and Win 7 machines, but it was the only response anywhere that put me on the right track. I spent weeks trying to get two factor authenticat...

Member Since	‎05-29-2011 10:40 AM
Date Last Visited	‎12-15-2021 05:50 PM
Posts	17
Total Helpful Votes Received	5

User Statistics

User Activity

5506X - trying to still use firepower with clean pen test

AnyConnect mobile license disables AnyConnect essentials

Failed to locate egress interface error after switching to TLSv1 only

AnyConnect VPN full tunnel cannot access site-to-site VPN

Re: 5506X - trying to still use firepower with clean pen test

Re: 5506X - trying to still use firepower with clean pen test

Re: Anyconnect authentication to LDAP server at remote site (across Si

Re: AnyConnect VPN full tunnel cannot access site-to-site VPN

This did not work for me