Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi:I am attempting to follow the Cisco TrustSec Deployment guide (http://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Security/TrustSec_2-0/trustsec_2-0_dig.pdf).So far things have been going well. I am at the point of adding in my Seed dev...
I am attempting to configure eigrp between a Cisco 5510 and a Cisco 3560. Here is the relevant configuration:
ASA:
interface Ethernet0/1
nameif Inside
security-level 100
ip address 172.17.254.1 255.255.255.0
router eigrp 2
network 172.17.254...
Hi:I have a Cisco 2960 running 12.2(50) SE5 LAN base image. When trying to configure 802.1x in multi-auth host mode I am unable to get my clients to successfully connect.Under a normal circumstance (ie: no multi-auth host mode enable) 802.1x clients ...
Last Thursday we started to experience some odd behaviour with a L2L IPSEC tunnel we have with one of our customers. This tunnel was created a few months back and had been working without issue up until the end of last week. I manage our side of the ...
We have a few remote access VPN portals setup on Cisco ASA 5510. Every now and then we get reports from users saying that it will not accept their credentials. After some time if they try again it will work. I have been trying to track down the issue...
Well upon further research it looks like the exclude option for split-tunnel-policy is only applicable to the VPN client. Doesn't work with AnyConnect.Is there a way to get the same sort of functionality when using AnyConnect?
Hmm. Interesting, I was looking through the configuration and as you stated I didn't see anywhere where the remote and local networks were set.However I have a tunnel that is setup, and if I look at the connection profile, the remote and local addres...
Follow-up on this, just trying to expand my knowledge when it comes to IPSec tunnels.I have seen a few tunnels where the remote and local address specifications match exactly what is in the crypto maps (if you edit the remote and local address for th...
As for your question of just creating an object-group network with all hosts under it. That is what we do. I mis-spoke previously. It just gets unweidly having all those network-object hosts.Thanks
Would need more information / configuration details. It could be ACLs, NAT rules, many many things. My guess would be a NAT identity / exempt rule. Since VPN clients connect from the outside, to get to site B they have to hairpin (so ensure that is e...
