Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,
We need to restrict VPN Users from using routers as L2TP VPN clients. I see that the ASA recognizes their Client OS properly. But if I use client-access-rule matching these values, it doesn't work.
For instance:
sh vpn-sessiondb detail ra-ikev1-i...
Hi,
I found a strange bug with split tunneling on MacOS's Anyconnect VPN Client.
We have a split tunnel configured on the ASA, it has networks:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
They all appear in 'Secured Routes' while 0.0.0.0/0 is in 'Non-Se...
Hello all,
I'm trying to implement service policy on our ipsec tunnels on ASR1001. Version: asr1001-universalk9.03.13.01.S.154-3.S1-ext.bin
Here is the typical Tunnel configuration:
interface Tunnel100
ip address 172.x.x.x 255.255.255.252
ip mtu ...
Hi,Correct me if I'm wrong. As I understand transparent proxy != DPI because transparent proxy have some functional limitations and dpi haven't. So the WSA's web filters and rules are based on transparent proxy that will affect some type of traffic o...
Hi, I have tried to implement SNR in our telephony network but there is some troubles. I've configured RD and RD profile, attached them to my extension but when I try to call my extension my deskphone starts to ringing after few seconds I hear that d...
Philip,
Yes, we have a lot of subnets in 192.168.0.0/16 and cannot put all of them into a split tunnel. I'm just wondering it doesn't see that there's more specific local network?
Will this policy work on IPSEC tunnels?
I thought
qos pre-classify
works only when you implement qos on tunnel interface.
With NBAR enabled on physical interface the tunnel is still not configurable with NBAR policies
Is there some proxy servers configured on IE? Basically Chrome do use the same settings as IE, but maybe there is some deep settings that allow IE to pass another network route. I've just made a test rule and it works in IE as well as in Chrome.
Hi Luis,Thank you for answer. Maybe I'm missing something but i thought that AVC is the part of DPI. So if the transparent proxy differs from DPI would it affect traffic with some possible unexpected effect?
