Background: Usually when we have a problem with a VPN user attempting to connect to an inside service, we turn to our ASA syslogs to determine where the connection is being prohibited (or other errors such as the user trying to connect to the wrong machi...
I've run into some problems trying to get SNMPv3 informs to work. Currently I am working with this simplified (by removing views and ACLs) config:
snmp-server engineID remote XX.XX.XX.XX XXXXXXXXXXXXX
snmp-server group foobar v3 priv
snmp-server user foo...
At my last count there were 182 different "match protocol" statements one could put in an inspection class-map. Some of these inspections are there only to allow you to filter on L7 fields. Some, FTP for example, must be in your class map or active-mod...
Looking for some experienced feedback, as we are upgrading soon and are considering altering a detail here or there when we do so. In a mixed environment, at what ratio of CCX-supporting clients to non-CCX-supporting clients should one consider switchi...
I'm trying to figure out exactly what is preventing a quiet device using MAB port-control from seeing either ARPs or flooded unicasts after its authentication goes stale. The port configuration is as follows:
switchport access vlan XXX
switchport mode a...
We never had a pressing need to do this.
If we are talking about Windows clients, and nowadays, we are using EAP over IKEv2 (with PEAP if you care) then one option I could think of is this: there is support for "statement of health" packets in some...
Yay... finally figured out a workaround for this one. If you add a local snmp user with the same name and parameters as the remote SNMP user, then everything suddenly works. A clue if you are having this problem is that when you list snmp users aft...
I'd like to keep this question open a while to see what others in the community may have to add. By the way, one way I have found to figure out which protocols may need this is to look at what protocols the Linux netfilter suite provides "helpers" for....
Yes, this is the reason why some protocols need to be inspected. Others need to be inspected to do rewrites in the case of traffic undergoing NAT on the same ZBFW. My question is, of the inspections available to us, which perform such functions?