Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hey guys,I'm configuring a couple of new 5515X ASAs.Are there any major differences between the following two NAT syntax methods? They both seem to work in a lab environment. I only find the first method mentioned in Cisco documentation for perform...
Hey everyone,Can anyone suggest a proper procedure for allowing external access through the ASA using FQDN? We are in the process of moving an internally hosted system to the cloud (external hosting) and the option of filtering via IP address is not...
Hi Everyone,I am trying to merge two networks, one using an ASA 5510 as its edge device, and the other using a Watchguard XTM 510. For some reason, when a connection is initiated from the Watchguard side, phase 1 complets with MM_ACTIVE, but when th...
Hey everyone,I have an active tunnel between an ASA and a router. Both inside networks are able to communicate just fine across the tunnel. However, I'm running into a problem where the inside interface on the ASA itself is not able to reach the in...
Hi everyone,I've successfully configured several edge devices to use RADIUS. I have an SNMP server that I would like to be able to use the default local authentication. Is it possible to configure an exception so that when authentication is attempt...
I just confirmed it Jouni, when configuring Manual NAT/PAT and then following it with the Manual static NAT configuration, inbound access to the statically mapped service is not established:nat (any,outside) source dynamic any interfacenat (DMZ,any) ...
That's tremendous help Jouni, thank you. So then if I use Manual NAT, then it will take precedence before any auto dynamic PAT configurations?All of our NAT configurations are going to be static NAT using unique IPs and a dynamic PAT using a complet...
I actually found the answer here:https://supportforums.cisco.com/thread/2159975That's funny, Julio, you're the one who actually provided this solution.Access-list test permit tcp any any eq 80Regex google \.google\.compolicy-map type inspect http GO...
The issue was resolved. Watchguard uses both a "Remote Gateway IP", as well as a "Remote Gateway ID." In most cases, these will have the same IPv4 value. However, in this case, the ASA was using an old FQDN as its ID so it was causing a mismatch w...
Thanks guys! Actually the following config solved it:management-access InsideAnd I was able to immediately reach the inside interface from the remote LAN, as well as the ASA reaching across the tunnel for authentication through the remote radius ser...
