About Eric Snijders

Eric Snijders · 07-23-2020

So for the past couple of months we've been building an environment in Azure. With trial & error i've experienced that on the Cisco ASA's side, i need to specify the complete VNet address spaces (we are using 2 address spaces in 1 VNet) in 1 SA (mean...

Eric Snijders · 07-02-2020

Hi all, So we've deployed a Cisco ASAv in Microsoft Azure, which is working fine. But we are having a lot of trouble with updates and monitoring agents. Now i know you can't just whitelist wildcard domains, but it seems like we really need to do some...

Eric Snijders · 01-26-2020

Hi all,I think i have a simple question but i have no solution for it. Imagine the following topology:I've left out all the unimportant stuff.Now basically what my question is: is there any way i can make SERVER01 ingress at Gi0/1 (Customer interface...

Eric Snijders · 12-09-2019

I try to understand some simple NAT things on Cisco ASA.I have multiple machines PAT'ed (Hide) to the Outside interface to provide Internet connectivity.On of those machines also has a application running on tcp/7550 which i want to access over the I...

Eric Snijders · 11-25-2019

We are running a 5516-X ASA, but not using FirePower. Is there any way i can disable FirePower? Because everytime i use ASDM i'm getting the error that it can't connect to the FirePower module.

Eric Snijders · 02-25-2025

No, shutting down just the FirePower module on a ASA does not require a reboot on the ASA.

Eric Snijders · 07-23-2020

I can share some details with you:Yellow = Azure WANBlue = Cisco WANI'm not really sure what i'm looking for, but interesting to me looks packet #9, which has the "Traffic Selector - Initiator" and "Traffic Selector - Responder" headers, looking like...

Eric Snijders · 07-23-2020

Both side not use PFS values. does your remote side have a same access-list Yes, PFS is not used. It's a VPN Tunnel between a Cisco ASA and Microsoft Azure. Unfortunately, i cannot statically specify a source within Azure. You can only configure the ...

Eric Snijders · 07-23-2020

Hi Sheraz,Yes, Phase1 forms just fine. Phase 2 only works when "our" side (ASA) initiates the session. I've just found this article, describing the cyphers used by Azure when responding or initiating: https://docs.microsoft.com/en-us/azure/vpn-gatewa...

Eric Snijders · 07-23-2020

I had PFS configured on my ASA. I just stripped it off, but still the same issue. When "we" (e.g.: the ASA) initiates everything goes fine. When Azure initiates i'm getting issues.I've also enabled IKEv2 Platform debugging, and just before the earlie...

Member Since	‎06-10-2012 11:25 AM
Date Last Visited	‎03-04-2025 02:00 PM
Posts	109
Total Helpful Votes Received	1

User Statistics

User Activity

IKEv2 IPsec SA Issues only when we are the Responder

ASAv Whitelisting Wildcard Domains

Hairpin Traffich through different interface?

Help me understand this simple NAT thing

How to disable FirePower?

Re: How to disable FirePower?

Re: IKEv2 IPsec SA Issues only when we are the Responder

Re: IKEv2 IPsec SA Issues only when we are the Responder

Re: IKEv2 IPsec SA Issues only when we are the Responder

Re: IKEv2 IPsec SA Issues only when we are the Responder