Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,We have some 3002 VPN clients that need Internet access through the established VPN tunnel. The problem is that the ASA5520's external interface is blocking this traffic. It seems like it doesn't allow outbound traffic over the same external in...
We have a guest-SSID where people authenticate via the build in web authentication and RADIUS.We use proxy autodiscovery (WPAD, DHCP option 252) in our network and this works on the guest-SSID, but only after the authenticated user closes and opens I...
8.0(2)6.0(2)Hello,We have a strange issue with our ASA5520 acting as an easy VPN server. We want to run IPSEC over port 10000 just like we did on our VPN3000 concentrators. This works fine for like 5 days and then all of a sudden the ASA stops respon...
ASA 8.0(2)ASDM 6.0(2)All of a sudden our ASA 5520 stops responding to IPSEC clients trying to connect (both tcp/10000 and udp/4500). We don't even get any attempts in our logs. It works one day and stops working another. All other communication inbou...
Hello,The default policy on an ASA firewall is to drop DNS UDP datagrams larger than 512 bytes. Have you modified this policy? We had quite some DNS root-servers sending UDP packets of 541 bytes. Is there som general recommendation?Best regards,Rutge...
Thanks Collin,I can't seem to find our particular scenario in that document. We have VPN clients coming in on the external interface and moving out via the same external interface to access Internet. The external interface blocks this traffic probabl...
Hello,We are using the integrated authentication web. I was able to solve this problem by using the DHCP WPAD discovery method where the WPAD-URL is sent in the DHCP-reply. This information is then already in place before the web authentication occur...
Thanks for your reply.It is not only one client machine having troubles, but all of them. The ASA stops serving IPSEC VPN.I will try with turning off DPD on the ASA and the client. The client is getting their settings from an ACS. Is it enough to dis...
Thanks! This describes how to create an esmpt inspect. What I am looking for is the values of the default esmpt inspect. What does it do to my esmpt traffic?Kind regards,Rutger
