Hello, We have 3 ASA. ASA 1 has a VPN with ASA 2. ASA 2 has a VPN with ASA 3. ASA 2 is hairpinning traffic from 1 to 3 through the VPNs. Pings however are not working. On a packet capture on the far end I see echo requests and replies but the replies do not ...
Hello, is there a way to get the FULL version revision on the ASA or any other IOS device for that matter? e.g. Cisco security advisory states Recommended release 8.2(5.33). show version displays 8.2(5). Cisco Download just shows Latest release 8.2.5 ED. So I...
Hello, I have several working VPNs between ASAs 8.4 and 8.3. The way this was set up is with cryptomaps that match whole subnets and ACL on the outside interface to permit from/to the RFC 1918 addresses. I notice that the hit count is zero on these rules...
In the docs it says that ignores occur when the interface hardware runs low on buffers. What does it mean when I see ignores (lots of them) on a Vlan but I do not see them on the trunk interface? This is the management VLAN on a switch. Is it possible t...
Hi, I tried to upgrade ASA5510 to 8.3.1 (from 8.2.5). The configuration migration did not appear to work. My VPNs were up but mostly would not pass traffic. I saved the migrated configuration (for reference) and backed out the change. Now I am looking at ...
If a device on vlan 1 sends an arp it only broadcasts to vlan1.
Directed broadcast will not help because arp requests are not directed broadcasts.
a host on vlan1 will realise from its ip and subnet mask that the host on vlan 2 is on a different subn...
Broadcasts are limited to the VLAN on which they originate.
Trunks do not block broadcasts.
I am not sure what you are asking when you say "do SVIs support L3 and L2 protocols".
An SVI will receive the broadcast, and can be configured in some circumstan...
Are you sure this configuration is legal for NSSA?
You have multiple connections to area 0 so I would have thought that it can't be a stub area.
NSSA allows you to inject external routes; I don't think it allows multiple connections to area 0.
If you...
Personally, in this case I would use a routed port. Though as you say it makes little difference.
The SVI approach gives you more flexibility because you can add more devices on the subnet later if you need to.
With a routed port you are not running sp...
Thanks Julio, Yes it was only icmp that was affected. But your capture which showed the replies being dropped helped me to figure out the issue. It was the ordering of the twice nat rules. Sent from Cisco Technical Support iPad App