About David99

David99 · 06-30-2016

Hey Folks, So I have a bit of an odd issue with an ASA tring to reach Link Local addresses (Two switch IPs and HSRP address). Pings to/from the firewall using the global IP are working, however pings to the LL IP are not. When I ping the HSRP IP from...

David99 · 07-06-2016

You are quite right in that VPN filters do work both ways, but in my experience they can become very messy when doing this, for example you end up with lots of rules like this: FW1---access-list VPN-FILTER extended permit tcp host 10.10.10.10 host 19...

David99 · 07-02-2016

Well there's plenty of people around to help you make sense of them :) The 5505 is different to the rest of the ASA family in that it also has a built in switch. Typically in my experience you would configure SVIs on the firewall rather than on the s...

David99 · 07-02-2016

It's worth noting that you dont HAVE to use subinterfaces - if you switch ports are in access mode then you will only set the VLAN on the switch. If however you are using an 802.1q trunked interface (with a switch that can do this) and you want to ca...

David99 · 07-02-2016

Just for the sake of completion, there are actually 2 ways you can achieve this. As you have noted; unless you disable the sysopt connection permit-vpn setting, ALL traffic which matches the crypto ACL for that peer is allowed over the VPN by default...

David99 · 07-02-2016

Are the ports actually listening on the server? If it's actually specifying CLOSED, then this could suggest you got an actual response such as a TCP reset. FILTERED would be different What happens when you try to telnet to the public IP on these port...

Member Since	‎12-29-2014 07:40 AM
Date Last Visited	‎08-18-2017 03:51 AM
Posts	30
Total Helpful Votes Received	20

User Statistics

User Activity

IPv6 icmp packet deny mystery - Cannot establish neighbor with Link Local IP

You are quite right in that

Well there's plenty of people

It's worth noting that you

Just for the sake of

Are the ports actually