About lchance

lchance · 01-17-2014

We need to add these lines into our ASA to adapt a cloud service tunnel. And those first two lines are not in the current ASA configuration.Can anyone help me understand this impact to L2L tunnels which are in session? I assume they're defaulting to ...

lchance · 08-07-2012

I need to automate a few commands, like SHOW CLOCK and then SHOW INTERFACE during specific hours for a few days.Is there a TCL script in a repository out there somewhere which may do this? Or is there anything else within IOS or outside IOS which cou...

lchance · 01-05-2012

Does AnyConnect support using IKE MAIN mode?I assume VPN CLIENT can not/will not?

lchance · 12-15-2011

We continue to fight battles with ISPs on UDP issues when a local ASA configured with VPNCLIENT stops working with UDP.The ISP will throttle UDP or else filter or it may even be getting dropped in the path, thus the VPN tunnel drops and won't rebuild...

lchance · 12-09-2011

Are these a type of round-robin DHCP lease and not timed? I cannot find anything about lease times for IP ADDRESS POOLS addresses.

lchance · 01-20-2014

Thanks...my ASA version is 9.1So, if I have many other active IKE/ISAKMP tunnels working solid then it seems this statement CRYPTO ISAKMP POLICY 222 can proceed without needing those other two lines.My biggest concern is adding those two lines and it...

lchance · 12-13-2011

I need to do this same exact thing for SSL.However, my release of ACS does not support it and it has been several months since I worked on my own issue.I recall there being a need to use OU= in a specific RADIUS group in ACS. It wasn't the IETF I had...

lchance · 09-30-2011

Thanks Jens...interesting method which I will use.But I am still curious as to why CAPTURE has so many parameters and how these are to be used. I did find some usage information online with the COMMAND LOOKUP TOOL however it does not exactly match wh...

lchance · 07-13-2011

Thanks for your reply...I inherited administration of this ASA so I'm trying to figure things out. And yes, all your assumptions are correct.These locations using Split-Tunnels want to deny traffic from all other 10dot networks except for 10.50.0.0 &...

lchance · 06-14-2011

very very helpful - thank-you!

Member Since	‎12-09-2004 01:35 PM
Date Last Visited	‎08-18-2017 03:56 AM
Posts	58

User Statistics

User Activity

Are these entries disruptive to active L2L & RA tunnels in session?

I need TCL help

Aggressive vs. Main - IKE Negotiation

Any failover abilities with ASA VPNCLIENT?

Does DHCP come into play with IP ADDRESS POOLS?

Are these entries disruptive to active L2L & RA tunnels in sessi

How do I control who has access to Clientless SSL VPN on ASA 552

Re: Is there a correct syntax for CAPTURE?

How do I allow & deny subnets into Split-Tunneled sites?

Re: How to recover the pre-shared key on a Cisco Adaptive Security Appliance(ASA)