Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hey,I have a remote location ASA5505 which is connected through an IPVPN/MPLS backbone to an ASA5520. Behind the 5520 lies the DHCP server.When I debug and use capture I can see the unicast packets from the DHCP relay agent on the 5505 all the way th...
Have you turned on inspect for h.323? It uses a certain port for control traffic and dynamic ports (if not configured otherwise) for data. Also open 1720/1721 in your acls!Sent from Cisco Technical Support iPhone App
I've looked at your configuration and Scott Conklin is right. You are lacking a NAT statement for your new subnet. Using packet-tracer would have revealed this for you though as you would have seen the flow being created and no NAT rule matching.
Most likely not possible on an ASDL modem and since he is doing NAT the solution would be as stated above to use NAT-T. Therefore pushing phase 2 up to udp/4500.
The ACS will map the user to a group on a first come, first serve basis. This is the behavior or 4.x. On 5.x though you can do nested grouping etc, but if you have to user being allocated the same attributes twice with different values only one of th...
