Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have an ASA5510 and a VPN 3005I want my users to connect via WebVPN and authenticate against the AD. This works very well, until my users are member of more than 9 AD groups. They just get rejected with the "unspecified reason"Anyone has or knows a...
HiI have this customer that needs a PIX firewall to terminate some few VPN clients.The PIX has a public IP address on the outside and a private address on the inside - the VPN pool uses addresses from the inside network - no need to reach any hosts h...
HiDon't know if this has been an issue before.My 3005 validates users against the AD database. Problem is, that when they try connecting to WebVPN service they are denied access when they are member of more than 10 groups in the AD.Anyone have an exp...
Hello there.I would like help for this setup: I have a 3550 switch, a ACS and a w2k with AD. Now, i would like to authenticate users against the AD an place them in the VLANs they belong to.I have worked with this for a week now, but I just can't get...
I have a Cisco 3005 concentrator running software version 3.6.7 (cannot be upgraded for several reasons). The private interface has an IP address of 10.101.0.242/20.I have a lot of VPN clients and 6 3002 hardware clients, that connects and it's worki...
HiYou got the setup right.The PIX is running 6.3.4 and the ISAKMP NAT-TRAVERSAL command is in the config, but still....no luck.I wonder if the other firewall is doing som NAT'ing and if this could be a problem?
HiThis may not be the solution, but just a suggestion.I suppose you want internet access via the ISDN. Since the PIX needs a default gateway for 0.0.0.0 traffic you should talk to your ISP and get some public IP adresses for your routers and PIX outs...
Under system properties/administration/PDM-HTTPS you can set up access to the PDM.Just choose the outside interface and then the networks that you trust.Or if you like the CLI:http 0.0.0.0 0.0.0.0 outside (This network should not be trusted)
HiU need to know the exact port numbers for each chat program - or maybe the IP adress of the chatservers.The problem with clients like ICQ is that they can connect through other ports like port 21. It then masks itself as FTP traffic and maybe you d...
Hi GThat goes for all failover devices such as PIX'es, LocalDirectors etc.Every time a unit goes from standby to active there is a short time with no connection to whatever users are trying to reach. All connections are also dropped, which can result...
