Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Password Recovery ProcedureDisabling Password Recovery Password Recovery Procedure To recover passwords for the ASA, perform the following steps: Step 1 Connect to the ASA console port according to the instructions in "Accessing the Command-Line In...
Lockout Scenarios and workaroundsViewing the Logged-In User Lockout Scenarios and workarounds In some circumstances, when you turn on command authorization or CLI authentication, you can be locked out of the security appliance CLI. You can usually...
ProblemReasonsResolution Problem During ACS upgrade user gets following error :- "% Manifest file not found in the bundle" Here's an example:- acs/admin# patch install 5-1-0-44-4.tar.gpg FTPDo you want to save the current configuration ? (yes/no) ...
Introduction Host Scan PackagingInstalling or Upgrading Host Scan Viewing the Host Scan Version Enabled on the ASA Related link: Introduction The AnyConnect Posture Module provides the AnyConnect Secure Mobility Client the ability to identify the...
IntroductionPrerequisites Configuration:Setting up new keySetting up new key interactivelyChanging the old keyChanging the old key interactivelyDisabling the Master Passphrase Related Information Introduction The master passphrase feature allows you...
Hi Saeed,As a good practice, please keep your ip pool for vpn client different from internal network, this causes routing issue.To resolve your issue, try this:- Change the pool on ASA for vpn client as ip local pool GSM 172.16.1.1-172.16.1.254 mas...
Hi Paul,The ACL in VPN defines what to encrypt. access-list 104 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255The above access-list defines that traffic from subnet 192.168.10.0 to 192.168.20.0 should get encrypted.Hope this helps,Sian
Hi Edward,I guess the ASA comes with two free SSL vpn license, i.e you can terminate two SSL vpn clients on it. This license is not for free downloads.Regards,Sian
Hi Dan,I am not sure why are you using "ah-sha-hmac esp-aes-256", however just to isolate the issue have you tried something like this :- crypto ipsec transform-set transformset1 esp-3des esp-sha-hmac Give it a shot and let us know how it goes.Hope ...
Hi Scott,Please share the output of "sh cry isakmp sa" and sh crypto ipsec sa" after bringing up the tunnel. What we need to see is if tunnel shows up as "QM_idle" if yes, then are we encrypting packets from our side or not. Is there a natting or pat...
