Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About Albert Succar
Stats
Member since
08-16-2013
12
Posts
0
Helpful
0
Solutions
Created by
Albert Succar
in Intrusion Prevention and Detection Systems (IPS - IDS)
in Intrusion Prevention and Detection Systems (IPS - IDS)
11-06-2017
11:26 AM
11-06-2017
11:26 AM
I'm having the exact issue. I went to enable netflow and was presented with this error message.
... View more
09-16-2014
07:22 AM
I was thinking of enabling this on the tunnel, however we have a primary and backup interface being monitored via SLA. If I was to disable the keepalive on the primary tunnel, would that fail to establish a new tunnel on the backup interface if the primary goes down?
... View more
09-16-2014
06:43 AM
On both ASA's: Rekey Int (T): 3600 seconds Rekey Int (D): 102400000 K-Bytes
... View more
Created by
Albert Succar
in VPN and AnyConnect
in VPN and AnyConnect
09-16-2014
05:34 AM
09-16-2014
05:34 AM
We are having connection issues between two sites. Each sites houses an ASA5510 and is connected via a site-to-site tunnel. The tunnel seems to drop randomly throughout the day. Sometimes it take only 3 hours, other times it takes several days. This issue interferes with our backup jobs since they tend to fail when the tunnel is dropped. On one of the ends, we noticed the following logs (there were a lot more but I felt these were most important) 2014-09-11 02:46:32 Local4.Error 192.168.2.2 %ASA-3-713123: Group = 1.1.1.1, IP = 1.1.1.1, IKE lost contact with remote peer, deleting connection (keepalive type: DPD) 2014-09-11 02:46:32 Local4.Notice 192.168.2.2 %ASA-5-713259: Group = 1.1.1.1, IP =1.1.1.1, Session is being torn down. Reason: Lost Service Any ideas/suggestions? If additional information is needed about our environment, please let me know.
... View more
Labels:
09-11-2014
07:11 AM
Thank you for your help. As you can tell, I'm fairly new to this process so please bear with me. If I understand you correctly, all switches behind the 2960 do not need to be adjusted. Host traffic will flow through these switches and hit the 2960. The port going from 2960 to ASA will be trunked and the ASA will have the sub-interfaces configured for each VLAN. Will I also need to create these VLANS on the switch itself? Again, sorry for the stupid questions. I am trying to get a good understanding before moving forward.
... View more
09-11-2014
06:56 AM
Based on what I've been reading, this may be the best approach. There are several switches behind the 2960 switch. Would any configuration need to be done on these switches as-well? Or would I just need to trunk the port going from 2960 -> ASA.
... View more
09-11-2014
06:34 AM
Thank you for clarifying that for me. Currently, here is our inside interface: interface Ethernet0/1 nameif NJinternalIPs security-level 100 ip address 192.168.1.2 255.255.255.0 As you can see, no VLAN was setup for this interface. If I was to go with your approach, would I need to create 2 new sub-interfaces with their own associated VLAN? Or could I leave the existing interface and create 1 sub-interface with its own VLAN? I hope I worded that question correctly.
... View more
Created by
Albert Succar
in Firewalls
in Firewalls
09-11-2014
05:47 AM
09-11-2014
05:47 AM
Hi All, We currently have an ASA 5510 sitting in front of a catalyst 2960 unmanaged switch. Would it be possible to assign multiple subnets to the inside interface of the ASA without the need to purchase more equipment (an additional router)? I ask because we are in the process of changing our internal subnet and we would like to do so with minimal downtime. So allowing us to have both networks up and slowly transition everything to the new subnet would be our best approach. All help/suggestions is appreciated. Thank you in advance!
... View more
- Tags:
- #router #subnet
Labels:
08-16-2013
06:05 AM
Hi all, I understand the concept of NAT and why it is used. However, I am a bit confused given the following command: object network obj-internal nat (inside,outside) dynamic interface Please correct me if I am wrong, but so far I understand that this command creates a network object named "obj-internal", and creates a rule for traffic from the inside interface to the outside interface. However, I am confused with the dynamic interface portion. Could somebody please elaborate more on the meaning/use of this part? All help is greatly appreciated.
... View more
Labels:
11-06-2017
I'm having the exact issue. I went to enable netflow and was presented
with this error message.
09-16-2014
I was thinking of enabling this on the tunnel, however we have a primary
and backup interface being ...
09-16-2014
We are having connection issues between two sites. Each sites houses an
ASA5510 and is connected via...
09-11-2014
Thank you for your help. As you can tell, I'm fairly new to this process
so please bear with me.If I...
09-11-2014
Based on what I've been reading, this may be the best approach.There are
several switches behind the...
09-11-2014
Thank you for clarifying that for me. Currently, here is our inside
interface: interface Ethernet0/1...
Created by
Albert Succar
in Firewalls
09-11-2014
09-11-2014
Hi All,We currently have an ASA 5510 sitting in front of a catalyst 2960
unmanaged switch. Would it ...
Public Statistics
| Date Registered | 08-16-2013 06:00 AM |
| Date Last Visited | 08-10-2018 12:04 AM |
| Total Messages Posted | 12 |
.jpg "VIP Advocate"){kind=icon}
