More often, I'm finding the need to permit outbound access to an FQDN that can have a few to several IP endpoints (i.e. a service that itself leverages multiple services to host its platform and/or CDN).
Permitting based on an FQDN has had its own ho...
Environment
ASA Outside interface will be used to establish IPSec VPN tunnel from remote User_A.
ASA INT_A interface will be used to connect a leased line circuit from remote User_A.
ASA INT_B interface is a private LAN segment that hosts a single we...
Is it possible to POST XML content directly to the Tidal Rest API or is the payload required to be x-www-form-urlencoded?
All of the configuration files are in XML - so my first inclination was to POST XML. But I kept receiving errors. Looking a...
Site A has a very large IP block (otherwise we would have used 1:1 NAT). Site B has 20 hosts. Site A primarily initiates traffic to Site B; any host at Site A is allowed to connect. Site A has 2 network links in to Site B. It will route traffic through Link...
I have an S2S IPsec VPN tunnel between Peer_C and Peer_R, both are Cisco ASA on different code levels but 9.x. Peer_C can always initiate the tunnel, however Peer_R fails the large majority of the time with:
IKEv2 Negotiation aborted due to ERROR: M...
We don't have any explicit routes defined for traffic returned back over VPN tunnel through the outside interface.
For the leased line traffic, we have an IP SLA monitor with ICMP check to a remote IP reachable over INT_A. The route back to the cl...
Rick - after troubleshooting with Cisco we determined the root cause - there was a static NAT in place on the outside interface on peer C. The NAT was in place to allow a host internet access sourced from the outside interface IP. We changed the NA...
Yes, the ASA will downgrade the lifetime to 100 when communicating with this remote peer. There is no mismatch in the lifetime.
Would that be true even for non-Cisco devices? Have a situation where ASA is set for 24 hour lifetime, and remote peer is...