About elialope

elialope · 11-20-2013

This will be for a basic setup, no policy NAT, no backup peers, using preshared keys having a similar topology to the one below:!--find and replace <name> with the endpoint name/identifier, typicaly the site if it is a part of your organization, or c...

elialope · 11-21-2013

Roger,That looks good but you are still missing a detail:access-list colocation_vpn extended permit ip (obiously the colocation device must have a line that is from it's network to the partner)I hope this helps.

elialope · 11-20-2013

You can configure you IAS to send the group-policy name on the attribute 25 (class), and have the user connect to the default. That way the ASA will force them to use the proper group policy and all of its advantages.

elialope · 11-20-2013

Hello Roger,The configuration that you need will be on the HQ ASA.First of all configure the ASA so that it would allow traffic to leave through the same interface that it came through:same-security-traffic permit intra-interfacethen you would need t...

elialope · 11-20-2013

Hello Paul,This is possible through ASDM but you will need to use some advanced settings:Configuration > Site-to-Site VPN > Advanced > Tunnel Groups There edit the group called "DefaultL2LGroup" and add the pre-shard key from the SA540 (note: all you...

elialope · 09-26-2012

Sal,Provided that you create a separate connection profile for the certificate authentication you can keep using both. You will need to have a group url and/or group alias for each one. I hope this helps you resolve your issue.Elias

Member Since	‎03-31-2011 07:00 AM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	5
Total Helpful Votes Received	25

User Statistics

User Activity

Basic site to site VPN Template / Example ASA 8.4+ (IKEv1)

Site-2-Site VPN and NAT

How to restrict a VPN user with a specific anyconnect profile?

Site-2-Site VPN and NAT

Dynamic Site to Site VPN Tunnel

Re: AnyConnect Certificate Based Authentication.