About tickermcse76

tickermcse76 · 01-16-2018

More often, I'm finding the need to permit outbound access to an FQDN that can have a few to several IP endpoints (ie a service that itself leverages multiple services to host its platform and or CDN). Permitting based on an FQDN has had its own ho...

tickermcse76 · 11-08-2017

Environment ASA Outside interface will be used to establish IPSec VPN tunnel from remote User_A. ASA INT_A interface will be used to connect a leased line circuit from remote User_A. ASA INT_B interface is a private LAN segment that hosts a single we...

tickermcse76 · 05-31-2017

Is it possible to POST XML content directly to the Tidal Rest API or is the payload required to be x-www-form-urlencoded? All of the configuration files are in XML - so my first inclination was to POST XML. But I kept receiving errors. Looking a...

tickermcse76 · 05-12-2017

Site A has a very large IP block (otherwise we would have used 1:1 NAT)Site B has 20 hostsSite A primarily initiates traffic to Site B; any host at site A is allowed to connectSite A has 2 network links in to Site B It will route traffic through Link...

tickermcse76 · 04-12-2017

I have a S2S IPsec VPN tunnel between Peer_C and Peer_R, both are Cisco ASA on different code levels but 9.x. Peer_C can always initiate the tunnel, however Peer_R fails the large majority of the time with: IKEv2 Negotiation aborted due to ERROR: M...

tickermcse76 · 11-08-2017

We don't have any explicit routes defined for traffic returned back over VPN tunnel through the outside interface. For the leased line traffic, we have an IP SLA monitor with ICMP check to a remote IP reachable over INT_A. The route back to the cl...

tickermcse76 · 10-17-2017

Can you please elaborate on specific table and settings? We are seeing a similar issue.

tickermcse76 · 04-25-2017

Rick - after troubleshooting with Cisco we determined the root cause - there was a static NAT in place on the outside interface on peer C. The NAT was in place to allow a host internet access sourced from the outside interface IP. We changed the NA...

tickermcse76 · 04-24-2017

Rick - Thanks for the response - but none of those conditions are in place.

tickermcse76 · 08-25-2016

yes the ASA will downgrade the lifetime to 100 when communicating with this remote peer. there is no mismatch in the lifetime. Would that be true even for non-Cisco devices? Have a situation where ASA is set for 24 hour lifetime, and remote peer is...

Member Since	‎10-04-2014 07:44 AM
Date Last Visited	‎01-19-2018 12:08 AM
Posts	17
Total Helpful Votes Received	5

User Statistics

User Activity

Best practice for allowing outbound to FQDN with multiple endpoints?

Issue with remote connectivity over Leased Line and IPSec VPN (NAT/IP SLA issue?)

Tidal API - can you POST XML directly or x-www-form-urlencoded only?

One to many NAT with some exceptions for bidirectional traffic (ASA)?

S2S IPSec VPN tunnel - maximum number of retransmissions reached from one peer

Re: Issue with remote connectivity over Leased Line and IPSec VPN (NAT/IP SLA issue?)

Re: We found the issue. It was a

Rick - after troubleshooting

Rick - Thanks for the

yes the ASA will downgrade