Hello,
We have an ASA5506X running 9.6.1.
We are currently running a VPN tunnel using: IKEv1 with AES-256, SHA1, and DH 2, and it runs very well.
We are considering changing the config to use: IKEv2 with AES-256, SHA256, and DH20.
Can anyone tell m...
Hello,
We have an ASA5506 running 9.6(1). I have it configured for Remote VPN users to connect via AnyConnect. I also have it configured to do a site-to-site VPN with a supplier. Our inside LAN is 192.168.1.0/24
The supplier tells us they want all...
Hello,
I have the following config on my old ASA5510 running 7.2. This is part of a site-to-site VPN config.
nat (inside) 0 access-list no_nat
access-list no_nat line 1 extended permit ip 192.168.22.0 255.255.255.0 host 10.125.125.15
access-list no...
Hello, I have installed SAP2602I access points at my customer's location and configured a corporate network and a guest network. Everything works fine except when a user is connected to the guest network, they cannot access a web server that is hosted...
Hello, I have a Windows server providing DHCP to all users on VLAN 1. I want the 3925 router to provide DHCP to users on a specific VLAN, in this case VLAN 55, that will be a wireless guest VLAN. The WAP is a SAP2602 so no controller. I have...
Hi Matty, thanks for this, it is an excellent document, however it does not specifically address DH20, which is what our partner wants to deploy, however everything I’ve read considers DH20 to be safe, just hoping the CPU on an ASA5506X can handle it.
We only have 2 active VPN tunnels running. Someone told me DH20 is very CPU intensive and may cause a slowdown on the lower-end ASA like the 5506. Thanks for your help.
Hello,
We have an ASA5506X running 9.6.1.
We are currently running a VPN tunnel using: IKEv1 with AES-256, SHA1, and DH 2, and it runs very well.
We are considering changing the config, at the request of the company at the other end of the VPN tunnel...
Hi JP,
Thank you for your quick response and your excellent advice. All of my previous experience has been with version 7 of the ASA software and these new NAT statements are a bit of a learning curve.
I used the commands you suggested and when I en...
Hi Steve, Thanks for your reply. I am sure the problem is a hairpinning issue as the firewall config does not allow connections to the outside address from internal clients. Can you give me a sample config to make this work? Is it just a firewall mo...