Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,I'm trying to implement NAT on ASA and I found very strange behavior.a) I started with dynamic NAT:object network MY-RANGE-OBJ range 172.16.1.100 172.16.1.120object network MY-INSIDE-NET subnet 10.0.0.0 255.255.255.0ASA1(config)# object network MY...
Hi,there is one parameter 'acl' which is unclear for me, it's configured on client site:crypto ipsec client ezvpn VPNconnect autogroup EASYVPN key ciscomode clientpeer 10.0.0.1username cisco password ciscoxauth userid mode local acl 101Whatever I add...
Hello,I'm trying to find reasons of strange (for me) easy VPN behaviour. I added split tunneling into server configuration and my 1st ACL looks like:access-list 102 permit ip 20.0.0.0 0.0.0.255 10.10.10.0 0.0.0.255when I pinged (from source 10.10.1...
Hi,I'm trying to run GETVPN on small test network. I have three routers:R1 - as KS R3 & R4 as a membersR1 config:crypto isakmp policy 10 encr aes hash md5 authentication pre-share group 2crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0!!crypto ipse...
Hi,One of my users need to work sometimes in second (not our) office and have access to printer. The problem is that the in the remote and local office there is the same network (10.0.0.0/24). VPN's policy distinguish network 10.0.0.0/24 that should...
Hi,the acl for VPN filter works a bit different than normal access-list. If you want to accept ssh from location A->Baccess-list vpn-traffic extended permit tcp 192.168.0.0 255.255.255.0 eq ssh 172.16.16.0 255.255.255.0 and deny from B->A:access-li...
You wrote:"Ping from 10.0.0.251 to 192.168.2.100 == 100% packet loss"and "If I start a constant ping from 10.0.0.251 to 192.168.2.100 then the machine 192.168.2.100 is able to ping 10.0.0.251"Did you mean 100% sucess ?
Hi,the problem is resolved now, client in 'network-ext' mode with 'acl' parameter works with external network behind the client (50.50.50.0/24):crypto ipsec client ezvpn VPN connect auto group EASYVPN key cisco mode network-ext peer 10.0.0.1 user...
