About simon.law

simon.law · 05-16-2013

I am trying to set up my ASA5510 the failover of ISP when it can't ping three different IP. I create three different tracking to three different IP using sla monitor & track rtr. But when I do route isp2 0 0 yy.yy.yy.yy 50 route isp1 0 0 xx....

simon.law · 05-01-2013

Hi,I have two ASA5510 each with a security plus license and 10 SSL VPN licenses, in active/standby mode at version 8.4(4)1. It only allows up to two vpn clients (AnyConnect & SSL VPN) at a time, any extra vpn client would receieve "Login Failed" mess...

simon.law · 07-01-2010

Hi,I have two sites each having an ASA 5510 firewall. Anyconnect clients connected to one site can access resources in both sites. Webvpn clients connected to one site cannot access resources in another site. Is there something I have missed out?Than...

simon.law · 06-29-2010

Hi,I'm trying to set up a site to site VPN between my two ASA 5510 ver 8.3. Both site A and site B can access each other without any problem. Is it possible to configure the site A firewall so that site A can fully access site B but site B can only a...

simon.law · 06-28-2010

Hi,I am trying to set up my ASA 5510 ver 8.3 (ASDM 6.3). My inside network is 192.168.1.0 mask 255.255.255.0. My Anyconnect clients can access the inside network if I use an address pool of the same subnet. When I use an address pool of different sub...

simon.law · 05-01-2013

Hi Rohan,Thanks very much for your help.I bought a new AA5510 recently to form a failover cluster and somehow the following two lines were added to the configuration.vpn-sessiondb max-other-vpn-limit 250vpn-sessiondb max-anyconnect-premium-or-essent...

simon.law · 07-05-2010

Hi Andrew,I tried the followings but it still doesn't work.access-list ktm_access_out deny tcp 172.16.3.0 255.255.255.0 172.16.6.0 255.255.255.0 eq 3389access-list ktm_access_out permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0access-group ktm_access_out ou...

simon.law · 07-05-2010

Hi Andrew,I just tried the followings but it wouldn't stop the traffic:access-list ktm_access_out deny tcp object remote-lan object ktm-lan eq 3389access-list ktm_access_out permit ip any anyaccess-group ktm_access_out out interface ktmActually, runn...

simon.law · 07-05-2010

Hi Andrew,Yes, I would like to block VPN traffic from other site to the LAN. Can you please let me know how I can do it?Thanks,Simon

simon.law · 07-04-2010

Hi Gaston,I did get it to work using "no sysopt connection permit-vpn" but the acl needs to be applied to the outside interface. I feel so uncomfortable allowing access from the outside interface and I am looking for an alternate solution.Thanks,Simo...

Member Since	‎06-28-2010 02:16 AM
Date Last Visited	‎08-18-2017 04:00 AM
Posts	18

User Statistics

User Activity

dual ISP - multiple static route tracking

concurrent VPN clients limited to 2

webvpn clients can't access resources behind a site-to-site vpn

asymmetric access control in site to site vpn

How can I assign IP pools of different subnet to anyconnect clients?

concurrent VPN clients limited to 2

Re: asymmetric access control in site to site vpn

Re: asymmetric access control in site to site vpn

Re: asymmetric access control in site to site vpn

Re: asymmetric access control in site to site vpn