About Nicola Volpini

Nicola Volpini · 07-16-2016

Hi everyone. I am attempting to implement PAT + NAT exemption on our ASA on a setup similar to the one described here: http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_overview.html#92034 The main dif...

Nicola Volpini · 12-18-2013

Hi,I configured our ASA to fetch a CRL provided via our Linux CA. The crl is exported via Tinyca as a crl file and served by Apache.The file is reachable by the ASA and up to date, I see an http 200 (OK). Despite that I get a "Unable to retrieve or ...

Nicola Volpini · 02-07-2013

Hi all,I've been configuring Catalyst 29xx as access switches for quite a while. I noticed that the patchpanel numbering and the catalyst ports numbering are not corresponding in their progression.The Catalyst ports are numbered top to bottom and lef...

Nicola Volpini · 01-14-2013

Hi,we're using openldap for authorising our user to connect to the webvpn via our ASA.We'd like to rely on operational attributes to do some DAP matching. This is an example of how a user record looks in our LDAP tree:# extended LDIF## LDAPv3# filter...

Nicola Volpini · 10-26-2012

HiWe have a custom web application which is heavily relying on javascript. We're trying to access it via the webportal but this application does not load correctly (it barely shows a white page).the link is https://our.domain.com/oursubdirectory and ...

Nicola Volpini · 07-19-2016

Hello!I commented out those nat rules because my setup does not have a "client vpn" implementation, only "site-2-site". I managed to succeed in implementing the NAT by using the following rules: nat (IF-DMZ-SELFSERVICE-TERMINALS,IF-MANAGEMENT) sourc...

Nicola Volpini · 07-15-2016

Thanks! It's never too late, your answer will help the community :)

Nicola Volpini · 01-21-2014

Hi, I'm pasting the debug of the entire "ca" section with level 255.I have the complete trustchain, yes, and the linuxca is an intermediate certificate. As a note: I added each cert of the trustchain as a separate TRUSTPOINT in the ASA. I'm suspectin...

Nicola Volpini · 01-06-2014

hi!Seems like it works fine:Writing file disk0:/issuingca.crl...!1007 bytes copied in 0.90 secs(ciscoasa)# dirDirectory of disk0:/...267 -rwx 1007 15:17:53 Jan 06 2014 issuingca.crl...At least it gets the file!

Nicola Volpini · 01-06-2014

Hi, thanks for the answer.I'm using the following:debug crypto ca messages 255debug crypto ca transactions 255This output is interesting (omitting the CRL full url, which is correct):CRYPTO_PKI: Starting CRL revocation check.CRYPTO_PKI: Attempting to...

Member Since	‎06-20-2012 07:16 AM
Date Last Visited	‎08-18-2017 04:00 AM
Posts	37

User Statistics

User Activity

PAT + NAT Exemption with two ISPs and multiple VLANs

ASA 8.4(6) "Unable to retrieve or verify CRL"

Tool to generate catalyst port config based on patchpanel layout

LDAP operational attributes match in ASA 5510 during authorisation

How to use the Proxy Bypass on an ASA 5510

Hello!I commented out those

Thanks! It's never too late,

Re: ASA 8.4(6) "Unable to retrieve or verify CRL"

ASA 8.4(6) "Unable to retrieve or verify CRL"

Re: ASA 8.4(6) "Unable to retrieve or verify CRL"