Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am seeing a large number of duplicate TCP SYN errors on our ASA and FTD. The majority are for the VPN subnet to a Private IP such as 10.0.0.x that does not exist on our network. Seems to me that it could be the local subnet of the VPN client that i...
Can anyone describe how PAP works between ASA and Microsoft NPS for RADIUS authentication and how MS-CHAP is different?Please don't tell me that PAP sends the password in clear text. I have taken PCAPs and I see no clear text shared secret or passwor...
Does anyone have an example (or can point me to documentation) of setting up the ASA using Microsoft NPS server for Radius with Azure AD for the second factor. I have an ASA pointed towards a Microsoft NPS server with the Azure MFA extension. Everyt...
I have one 8831 phone that decided to become stuck on the Cisco logo the other day. It had been working for months. I have seen plenty of other posts similar to this but none seem to apply or fix my issue. The phone is V03 hardware. ( I know there is...
Couple weeks ago, we had reports that calls outbound to external clients were showing up as "Private" instead of our company name. We have not made any configuration changes however the carrier swears we are overriding the CNAM info with information ...
Hi Marius, Thanks for the response. I was blocking the local networks I was seeing from the inside interface of the ASA. I don't think the 0.0.0.0/32 would work as we are sending all 10.0.0.0/8 traffic through VPN so even if 10.0.0.x/24 is unused for...
I also realize that the ASA and NPS use the shared secret key to encrypt communication between the two but what am I missing. What drawback should I be considering for not using PAP in this instance?
I figured it out. After doing some research on the error "User not authorized for AnyConnect Client access..." it says it's related to the Anyconnect image missing. Though it was loaded on the ASA, I disabled DTLS with the command "enable outside tl...
