Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm attempting to set up WCCPv2 on a Nexus 7K switch to intercept web traffic and route it to our proxy, ip 10.10.120.12. We are using L2 redirection and mask assignment. We are getting a "Service Group Mismatch" on our proxy. The description of the...
We are using Qualys to map our network. The firewalls are set to allow icmp from the scanner to the x.x.x.*/24 network being mapped. For some reason when the mapping scan runs, Qualys isn't detecting the ASA 5510 as a hop in the path. We are running ...
We have an ASA 5505 running 8.0. Users connected to the internet through this device report very slow response time. show local-host is showing one particular host with 75+ TCP connections and 50+ UDP connections. We suspect a problem with this machi...
We have a VPN tunnel b/w a CheckPoint and a Cisco ASA. The tunnel is up and working, but almost every day around noon I get the following messages and the tunnel breaks and reforms successfully. Phase 1 is set on both sides at 1440min/86400 seconds; ...
I have a VPN tunnel with a Checkpoint, and because of the CheckPoint's unfortunate behavior of supernetting, I've had to use supernets in the crypto map on the ASA. All was well until I decided to modify a setting on CheckPoint to prevent supernettin...
I have an update ...I was able to get wccpv2 working by changing from service group 91 to web-cache. So it's working for http traffic. I can't, however, get https working. I've tried configuring service group 91 just for https, service group 70 (whic...
Users were reporting their sessions were breaking. I looked at the logs from the ASA and based on the messages (like "PHASE 1 Completed", I was assumed the tunnel was breaking and then reforming, and that's what was causing the session disconnect. Sp...
Our problem turned out to be within the Oracle application the users were using, and not with the connection. The database administrators tweaked a timeout parameter, and that resolved the issue.
Thanks for the replies and the info. Much appreciated!So am I doing the right clear commands in the right sequence, to completely terminate the tunnel?clear crypto isakmp saclear crypto ipsec saIf not, what are the correct commands and sequence. Agai...
Thanks for replying. We're running R62 (no hfa) with traditional mode. We have over 40 vpn tunnels so it is not an option to just convert to simplified mode. This is a plan but not something I can do immediately to solve this issue.When ike_use_large...
