Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,We have a pair of ASA5520 firewalls running 8.4(2). We want to upgrade them because we're having problems with SSL VPNs (see link below).https://supportforums.cisco.com/thread/2148408 Is there a reason why we should stop at 8.4(3.8) and not go to...
Hi Everyone,Can anyone tell me what Cisco switches support WCCP as we want to implement it and have budget for new switches, but don't want order wrong ones and look rather foolish?We originally budgeted for 2960-S switches, but I don't think you're ...
Hi all,Can you tell me if there's any way of narrowing down a degub for a peer address only? For example, I currently run 'debug crypto isakmp 127' which captures everything, but can I run the same debug for peer address 1.1.1.1?I know you can run '...
Hi all,A couple of questions I'm hoping you can help me with.Please can you tell me where I'd change the Diffie-Hellman group for phase 1 on an ASA firewall and can this be done on the ASDM?Also, do you have to enable PFS have to DH on phase 2?Many t...
Hi folks, A bit of a strange one I'm hoping some of you may have come across before.When I try to SSH (putty) onto our Cisco ASA5520 (8.4.2), more often that not I get an 'Access denied' message when I enter the password which I'm 100% sure is correc...
Hi Antonio,One thing that I've learnt recently that I find a very useful addition to the ones you've mentioned already is:Packet-tracer input tcp detailedThis will show the traffic being allowed through the VPN, if indeed it is.RegardsAlex
Hi,I've managed to find a workaround by setting SSH authentication to local only - not ACS.Thanks for you time and effort in helping me with this problem.RegardsAlex
Hi,Please accept my apologies - I didn't realise the ACS was used for this authentication. I'm very new to Cisco products and I'm having difficulty learning on a production network. Attached is the ASA config as requested.Also, the ACS has the follo...
