Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Of late I have seen quiet a few instances wherein Netwok adminstrators are facing issues with exporting wildcard certificates in pkcs 12 format from an ASA and use it on other network devices (mostly for SSL ). In this blog post lets disucss about th...
IntroductionResolution IntroductionConsider a scenario wherein we need to configure PIX as a DHCP relay so that clients behind the PIX could get IP addresses from a DHCP server which is behind a headend ASA. The ASA and the PIX are the VPN terminat...
Hi Paul, "processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3" indicates the remote VPN peer rejected the phase 2 proposal.The configuration snippet you have shared here seems fine, ISAKMP and IPSec debugs (debug crypto isakmp and debug crypto ipsec) fr...
Hi Daniel,Yes we can. We can generate a generate CSR from another device (like windows 2003 server: http://www.serverintellect.com/support/windowsserver2003/create-certificate-request.aspx) and obtain a wildcard certificate from the third party CA fo...
Hi Rasmus,This probably is a similar scenario as in this bug CSCsv68395 (http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv68395), wherein the CSD ignores proxy settings and tried to contact the ASA d...
Hi Ramu,Are you using ipsec vpn client or SSL vpn client? In either case, on the VPN router (which i believe is what you are connecting to), do you have split tunneling or U-Turning ? (Btw Split tunneling or U-turning/Hair -pinning) lets you have vpn...
Hi Ramu,Where do you see the ip conflict error ? at the client from where you are connecting via VPN ? What is the VPN server (ASA ? router ?). Please provide us the following:1. ip pool you are using for vpn clients, (show run would be better)2. ip ...
