About Mark Walters

Mark Walters · 05-15-2012

Ok, this behavior is new to me. It would appear to have considerable security implications as well. Comments are welcome!My ASA (5520, 8.2(5)) terminates both L2L and Remote (User/RAS) IPSEC VPNs. Each L2L VPN has a crypto map sequence, and I have...

Mark Walters · 06-09-2018

Hi All - Looks like this feature is supported starting with 9.7(x). thanks, Mark

Mark Walters · 05-01-2018

Note that creating a static PAT and static one-to-one NAT for the same host does not appear to work using this "network object" method, at least on v8.6(1). The one-to-one NAT is always chosen, and the PAT is ignored, regardless of the order in whic...

Mark Walters · 03-21-2016

In my environment (non-FCoE) I was also seeing "Pkts discarded on ingress" on a 10G interface. The issue was a saturated downstream 1G port. Additionally, the ingress queue drops can potentially impact all ingress packets on an interface. That inc...

Mark Walters · 09-28-2015

Hi All - Please note that as of 9.0 code the ASA does support IPv6 NAT in various flavors - Nat66, Nat64, Nat46. http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_overview.html#pgfId-1220768 cheersmark

Mark Walters · 12-08-2014

FYI I just used that MIB (CISCO-IETF-PW-TDM-MIB) to pull TDMoIP / CEM counters from an MWR2941 running 15.1(3)MRA2. OID is 1.3.6.1.4.1.9.10.131 cheersmark

Member Since	‎02-15-2010 07:00 PM
Date Last Visited	‎12-02-2020 01:06 AM
Posts	20
Total Helpful Votes Received	95

User Statistics

User Activity

ASA VPN: partner firewall can create IPSEC SAs for any networks!

Re: ASA /31 subnet mask

Re: Hi, Is there a specific

In my environment (non-FCoE)

Hi All - Please note that as

FYI I just used that MIB