Introduction
By design or to avoid multiple VPN endpoints, you might want to have the VPN client and S2S VPN on the same device and share the networks between the 2 VPN tunnels.
With the following config, we simplify the configuration requirements...
Introduction
An existing VPN tunnel requires active traffic every so often to keep the tunnel up and running. If the tunnel is used for backup purposes and the traffic is generated only once per day, most likely the tunnel will remain down until new...
Recommendation about this feature
This feature works only between the following platforms:
• Two Cisco ASA 5500 series security appliances
• A Cisco ASA 5500 series security appliance and a Cisco VPN 3000 concentrator
• A Cisco ASA 5500 series security ...
Objective:
Traffic between Branch 1 and Branch 2 should be able to talk across the existing IPSec VPN on headquarters ASA (HQ).
Concepts:
Hairpinning (U-turn Traffic): Hairpinning is a term to describe traffic that is routed out of the same interfac...
What is DART ?
DART is the AnyConnect Diagnostics and Reporting Tool that you can use to collect data useful for troubleshooting AnyConnect installation and connection problems. DART supports Windows, Mac and Linux.
DART is currently available as ...
Hi Pete,
Yes, it does apply to Site-to-Site tunnels and remote users using IKEv1 or IKEv2 connections; the attack is based on IPsec malformed packets, hence the attacker does not need to spoof a valid peer address, it takes advantage of the ASA l...
Hi Ray,
Unfortunately, any version prior to 8.4 has reached the end of software maintenance and won't have a direct fix for this vulnerability. The only known not-affected ASA version is 8.5; any other version must be considered potentially vulnerable to ...
Hi chanchiahuei
According to the chat you need to move to 9.4(2.4); if you don't have access to download the image, feel free to open a TAC case to have the image published.
Cisco ASA Major Release First Fixed Release 7.21 Affected; migrate to 9.1(7...
Hi awysocki,
The documentation states you need either a Site-to-Site tunnel running IKEv1 or IKEv2, or a remote connection with IPsec technologies. If you don't have any of those technologies the exploit can't be executed.
You can check if the I...
Hi Christian,
According to the chart, the only version not affected is code 8.5; for 9.1 code you need to upgrade to 9.1.7 to be safe from this vulnerability.
Cisco ASA Major Release First Fixed Release 7.21 Affected; migrate to 9.1(7) or later 8.21Af...