Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am trying to set up my ASA5510 the failover of ISP when it can't ping three different IP. I create three different tracking to three different IP using sla monitor & track rtr. But when I do route isp2 0 0 yy.yy.yy.yy 50 route isp1 0 0 xx....
Hi,I have two ASA5510 each with a security plus license and 10 SSL VPN licenses, in active/standby mode at version 8.4(4)1. It only allows up to two vpn clients (AnyConnect & SSL VPN) at a time, any extra vpn client would receieve "Login Failed" mess...
Hi,I have two sites each having an ASA 5510 firewall. Anyconnect clients connected to one site can access resources in both sites. Webvpn clients connected to one site cannot access resources in another site. Is there something I have missed out?Than...
Hi,I'm trying to set up a site to site VPN between my two ASA 5510 ver 8.3. Both site A and site B can access each other without any problem. Is it possible to configure the site A firewall so that site A can fully access site B but site B can only a...
Hi,I am trying to set up my ASA 5510 ver 8.3 (ASDM 6.3). My inside network is 192.168.1.0 mask 255.255.255.0. My Anyconnect clients can access the inside network if I use an address pool of the same subnet. When I use an address pool of different sub...
Hi Rohan,Thanks very much for your help.I bought a new AA5510 recently to form a failover cluster and somehow the following two lines were added to the configuration.vpn-sessiondb max-other-vpn-limit 250vpn-sessiondb max-anyconnect-premium-or-essent...
Hi Andrew,I tried the followings but it still doesn't work.access-list ktm_access_out deny tcp 172.16.3.0 255.255.255.0 172.16.6.0 255.255.255.0 eq 3389access-list ktm_access_out permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0access-group ktm_access_out ou...
Hi Andrew,I just tried the followings but it wouldn't stop the traffic:access-list ktm_access_out deny tcp object remote-lan object ktm-lan eq 3389access-list ktm_access_out permit ip any anyaccess-group ktm_access_out out interface ktmActually, runn...
Hi Gaston,I did get it to work using "no sysopt connection permit-vpn" but the acl needs to be applied to the outside interface. I feel so uncomfortable allowing access from the outside interface and I am looking for an alternate solution.Thanks,Simo...
