Our company is looking at an IPS solution and I've heard pros and cons about using IPS modules for the ASAs versus standalone units. Our basic physical topology is a 5515 pair in active/standby w/ a L2L vpn to another fw pair at a colo. I had worke...
I have a L2L vpn between a 5515(hub) & remote site w/ 5505 established, however, at the hub there is another network range which is routed via the same gateway. The interesting traffic as well as the nat statement is defined with an object-group that...
The physical setup is a little odd as the ASA is connected to the LAN interface of a SOHO wireless router/firewall, and I'm wondering if that is the issue with the port forwarding failures. There's a remote-pc that requires vnc access to connected t...
I can't believe this is stumping me and I know the answer will result in a major face-palm, but I'm getting dizzy from running in circles... This is as basic as it gets and from everything I've read, this config should work as is (without requiring ...
Thank you for taking the time and replying. It turns out the issue had nothing to do with the ASA configs. I was unaware they had dual internet connections on their machines and a 2nd router/gw, so just had to add routes and all is well. My apologie...
Thanks for the quick response! I've run the packet-tracer before and phase 4 drops the packet on access-list (implicit rule). The access-list is as follows (Brazos-Nets includes both 10.10/16 & 192.168.0/24). "access-list outside_cryptomap extended pe...
I was hoping for the object group service answer. Lol. The new Network Objects are created for each static PAT and all is working beautifully now. Thank you again, Jouni!
Well, this is awkward. I seemed to have broken it. I reapplied the config based on your fix (which worked before) and it's not allowing the connection now. I'm assuming it has something to do with the NATing since I've set up an L2L. The 2nd line ...