About bob.mcchesney

bob.mcchesney · 03-05-2012

Hello,One question I have seen asked repeatedly is "How can I add an ACL to allow *some* traffic from one security interface to a higher one, while still allowing (the implicit rule for) all traffic to lower ones?" The answer is always that you can't...

bob.mcchesney · 03-02-2012

Hello,I am having an issue where ICMP "Unreachable, need to fragment" packets sent by the ASA are not delivered, apparently due to asymmetric NAT rules, when communicating over IPsec VPN. The device is a new Cisco ASA 5510 with Security Plus, running...

bob.mcchesney · 12-16-2011

This is my first post so I hope I explain the problem suitably and can get someone interested. =)I seem to be having an issue where certain very packets are being dropped/lost by my office router. The reproducible situation is, when I attempt a DNS z...

bob.mcchesney · 05-28-2012

Hello,I have confirmed that it is the same bug I was experiencing.Thanks for sending the link to software images but I do not have access. I would need an active support contract for access to those downloads. However, as the unit is under warranty I...

bob.mcchesney · 05-28-2012

Hello,That is very useful thank you. The bug description you sent seems to match my problem exactly.I am on version 8.2(5)26 and I do not have a support contract, but the unit is in warranty (purchased at the start of the year). Am I entitled to an u...

bob.mcchesney · 05-28-2012

Hello,I'll gladly provide the configuration. I'll send you a private message with the configuration in a few minutes.Regards,Bob

bob.mcchesney · 05-28-2012

Hello,I did some more testing on this whenever I had time but I couldn't find an alternative solution that didn't involve changing the MSS of TCP handshakes. I'm marking your solution as the correct answer. Thank you very much for your help.Regards,B...

bob.mcchesney · 05-24-2012

Hello,It appears that attempts to get IPS auto-update working (whether by ensuring that password is not 8 characters long, or using the workaround of manual update) may be moot. It looks like Cisco has not released a new IPS Signature package since M...

Member Since	‎08-22-2012 06:41 AM
Date Last Visited	‎08-18-2017 03:55 AM
Posts	17

User Statistics

User Activity

Efficient ASA access control lists

Cisco ASA IPsec, NAT bypass, PMTU-D issue

Router dropping certain packets (consumed by NAT Outside)

Cisco ASA IPsec, NAT bypass, PMTU-D issue

Cisco ASA IPsec, NAT bypass, PMTU-D issue

Cisco ASA IPsec, NAT bypass, PMTU-D issue

Cisco ASA IPsec, NAT bypass, PMTU-D issue

Re: [IOS IPS 15.1T2] Auto-update from Cisco not working