Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We're getting ready to turn up some metro ethernet circuits that were just installed by AT&T. AT&T has provided a VLAN for each remote site (so each site has its own VLAN), and those VLANs are trunked to our head end switches (Cisco 3750 Metro Switch...
I'm currently testing an ASA 5520 to provide remote access to a network via IPSec. Everything is working fine, and when the clients connect to the ASA via IPSec, they get an IP address assigned from a DHCP server on the inside network. IP address ass...
I'm testing LDAP authentication on our ASA and it is working well. A problem I am experiencing though is that we have some users who log in as 'DOMAIN\user' and 'user@domain.org'. LDAP authentication doesn't appear to support this. I'm able to log in...
Does anyone know which specific permissions within Microsoft AD the username programmed into the ASA for LDAP authentication needs to have? The documentation just states that the username needs to be an administrator within active directory, but I do...
I'm installing some new ASA 5520's which will be used strictly for VPN connections (both lan-to-lan and client connections).I have some questions about the best way to setup redundancy and failover and integrate it into our network. I've attached a d...
Are you running an ASA? Version 8.2 offers official support for Share point:http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-526545.html-Steve
Like kwu2 said, you'll need to have a layer2 trunk between both switches which trunks the inside, outside, and if you have it, dmz vlans. How does your provider offer redundancy? Do you have a static route pointed to an HSRP address on their side? If...
Okay, I just spent some time looking at this in much more detail. I was mistaken, when DHCP is used, the subnet mask is correct.The problem I am having though is when using a framed-ip address sent by the RADIUS server. In this situation, my username...
I'm not able to get a packet capture on the DHCP server right now as it is a production domain controller, and I'd need to go through our change control process to install software on it.I may be able to setup a quick lab at home sometime tomorrow to...
So here is what I've found out after working with TAC. There is a bug in 8.2.1 which prevents the strip realm and strip group commands from working. I downgraded to 8.0, and it works, but that only supports user@domain, and not DOMAIN\user.So, my wor...
