About Murali

Murali · 09-12-2016

Hello everyone !! Our client is requesting to enable FQDN based ACL's (mostly because its easy to give a URL instead of multiple ip's for the same URL) but when i researched it looks like this feature has lot of shortcomings like i listed below , co...

Murali · 08-19-2015

Hello everyone ! I came to know that we can use the same public ip for creating multiple tunnels to different sites using crypto-maps with multiple lines each representing a reference to a particular tunnel and using vrf aware IPsec but I would like...

Murali · 12-21-2017

while inserting a new ACL in your case just use the existing line number of the other deny rule it will push the old ACL to n+1 line and you should be good

Murali · 12-13-2017

1) For NAT-T to work both ends should be enabled https://supportforums.cisco.com/t5/security-documents/how-does-nat-t-work-with-ipsec/ta-p/3119442 2) sounds like a capacity issue 3) DPD should be enabled on both sides. Thank You Murali. ~Impo...

Murali · 12-09-2017

Network diagram is missing

Murali · 05-03-2017

Yes , did you try clearing the SA's ? also did you check any log messages?

Murali · 04-26-2017

Hello below link may be helpful for you https://supportforums.cisco.com/discussion/12948521/asa-firepower-60-proxy-server

Member Since	‎10-10-2012 09:02 AM
Date Last Visited	‎08-07-2019 12:17 AM
Posts	65
Total Helpful Votes Received	29

User Statistics

User Activity

ASA FQDN based ACL - Suggestions

vrf-aware IPSec vs crypto maps for multiple tunnels

Re: Add New Object-Group Line in existing ACL - ASA

Re: IPSec VPN Questions

Re: Hairpin/U-Turn Traffic off an interface on an ASA running 8.3 or later

Yes , did you try clearing

Hello below link may be