Hi everyone. I am attempting to implement PAT + NAT exemption on our ASA on a setup similar to the one described here:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_overview.html#92034
The main dif...
Hi, I configured our ASA to fetch a CRL provided via our Linux CA. The crl is exported via Tinyca as a crl file and served by Apache. The file is reachable by the ASA and up to date, I see an http 200 (OK). Despite that I get an "Unable to retrieve or ...
Hi all, I've been configuring Catalyst 29xx as access switches for quite a while. I noticed that the patch panel numbering and the Catalyst ports numbering are not corresponding in their progression. The Catalyst ports are numbered top to bottom and lef...
Hi, we're using openldap for authorising our user to connect to the webvpn via our ASA. We'd like to rely on operational attributes to do some DAP matching. This is an example of how a user record looks in our LDAP tree:
# extended LDIF
#
# LDAPv3
# filter...
Hi. We have a custom web application which is heavily relying on javascript. We're trying to access it via the webportal but this application does not load correctly (it barely shows a white page). The link is https://our.domain.com/oursubdirectory and ...
Hello! I commented out those nat rules because my setup does not have a "client vpn" implementation, only "site-2-site".
I managed to succeed in implementing the NAT by using the following rules:
nat (IF-DMZ-SELFSERVICE-TERMINALS,IF-MANAGEMENT) sourc...
Hi, I'm pasting the debug of the entire "ca" section with level 255. I have the complete trustchain, yes, and the linuxca is an intermediate certificate. As a note: I added each cert of the trustchain as a separate TRUSTPOINT in the ASA. I'm suspectin...
Hi! Seems like it works fine:
Writing file disk0:/issuingca.crl...
!
1007 bytes copied in 0.90 secs
(ciscoasa)# dir
Directory of disk0:/
...
267 -rwx 1007 15:17:53 Jan 06 2014 issuingca.crl
...
At least it gets the file!
Hi, thanks for the answer. I'm using the following:
debug crypto ca messages 255
debug crypto ca transactions 255
This output is interesting (omitting the CRL full url, which is correct):
CRYPTO_PKI: Starting CRL revocation check.
CRYPTO_PKI: Attempting to...