Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi
I have tried to enable Jumbo frame support on some switches , but cannot seem to get it working . I understand on edge switches I need to enable and on core just need to configure ports ? Can advise if I am doing it right ? , is there an easier wa...
Hi
looking for help on anyconnect ! any ideas appreciated - thank you
I am trying to setup an anyconnect IKEv2 service. I have installed
asa9.17
anyconnect mobility client 3.1.141018-pre-deploy-k9 at a windows 7 machine
I have a self signed certif...
Hi
I am trying to set up a site-to-site between am asa5506x which is behind a broadband and has a dynamic Ip address on outside interface. This is to another asa with a fixed IP.
I have used adsm to configure the connection profiles at both sides a...
Hi
I am having problem getting a failover working between two asas. They are both routed and single context and same licence. . I have a crossover in the eth0/2 interface . ( ive changed Ip addresses to protect the innocent ).
I have tried reloading...
Hi
I am planning to enable jumbo frames on a 6509e . looks straightforward ...enable jumbo egress globally "system jumbomtu 9000" then on vlans and ports/port channels passing jumbo frames set the "mtu size " . ( hopefully I have this bit right ! ) ....
I got thsi working with a chnage as below:
group-policy GroupPolicy_AnyconnectConnprofile attributes wins-server none dns-server value 10.128.161.193 10.128.161.194 vpn-tunnel-protocol ssl-client
if however i change this back to vpn-tunnel-protocol ...
I understand Karsten - Thank you
I made the change :
(config-webvpn)# enable outside INFO: WebVPN and DTLS are enabled on 'outside'.
but i get teh same error as before I am afraid.
H Karsten
thanks for the reply ... however not sure what you mean - the outside interface of the asa is the "public " or internet facing .interface ..if so config is right.
is this what you mean or something else ...
I have solved this - thanks anyone who looked ....
it has to use IKEv2 and it has to have the Ike-id on the remote unit to match the tunnel-group ( I had changed it at both ends ) .
the cisco doc above is correct but this point wasn't clear to me ...
I have since made some progress.
I can get the VPN up for a single remote site.
this was achieved by using a Key-ID in the Ike parameters and setting this key-id to the same as the tunnel-group .( if these two do not match then the connection fails )...
