We are authenticating our systems through dot1x. I also need to be able to authenticate our Cisco admins using the same ACS server. I see how to configure a switch to do both TACACS+ and RADIUS, but I don't see how to set up ACS to allow a switch to u...
I shouldn't try to answer questions when I'm in a hurry. Sorry. I can't get to our equipment now, so this is off the top of my head. You are right. Only one nat0 is allowed. Rename the second nonat acl. So it should look like: access-list vpn permit i...
Yes, it conflicts. Name the acl "access-list nonat permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0" to something else. You can use whichever DH group you want as long as both ends support it. Some of the Cisco clients and devices don't ...
Your other problem is that access list 101 is incorrect. You have applied it to the outside interface, so the addresses used must be the global addresses. You have used the local address (10.0.0.1) for the FTP server. The access list is evaluated befo...