Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We use the RSA server to backend our user authentication for our Anyconnect home VPN users. There have been requests to have some of our home users have static IP addresses while on the Anyconnect. I have not been able to find a working example on ho...
I can't seem to find any documentation to how to get this working. I'm trying to make it so that only users of a certain AD group are authenticated for my Anyconnect VPN on my ASA 8.2.2I've found the documentation on how to prevent logins using the ...
I've seen a few discussions about this, but I've not been able to find an answer as to why this keeps failing. I have a Centos 5.5 server that I use for configuration file management and I have been unable to get my 6509E to send the configuration us...
I would like to know if it is possible to setup my ASA running 8.2 to log events from when my users log on and off the anyconnect client. There was a security issue with one of our remote systems and it has been impossible to try and determine who ha...
Consistently I see similar errors like this in my logs. The src address is actually my SCCM server (policy server) and the dst address is a remote VPN user who connects with the AnyConnect client.%ASA-4-419002: Duplicate TCP SYN from inside:10.2.152....
Thanks, DAP does seem to be the way to go with this. I found a similar article to what you posted last night which confirmed the same type of screenshots. I will just have to set time aside to update my policies on my ASA to take advantage of this. I...
Just a follow up. While the correct eventID does work, one issue that i've found is that when a user resumes a connection, they tend to get a new IP address from the pool and this is not logged. The actual log line looks something like this:%ASA-6-72...
Thanks. The 722# ones apply to the SVC stuff as well. Unfortunately, it's still limited in it's usefulness. While it does show the userID connected, it shows the external IP address associated with it. I still can't seem to find a way to correlate th...
I've been running this on some client 1811 routers with success. Here is a basic config that should work:!! I use a delay on the up/down to prevent some flapping issues that could arise.track 11 ip sla 11 reachability default-state up delay down 90 u...
Thanks for the response. I originally thought about doing that but the issue there is, that IP address will pretty much always be up. The next hop is an ISP ethernet handoff, so connectivity to that IP address will be up 99% of the time (unless that...
