Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About krishnadig
Stats
Member since
09-07-2015
41
Posts
5
Helpful
2
Solutions
Created by
krishnadig
in Network Management
in Network Management
07-02-2018
09:36 AM
07-02-2018
09:36 AM
Hello Friends,
Looking for some industry practice or advise how to handle such situation proactively.
I generally come across a situation where users report a disconnection of production application connectivity in recent past (few minutes or hours back) and would like to know the cause of the issue. Unless a state change of routing protocol or HSRP, or interface status, etc logging buffer (or syslog) doesnt suffice the investigation; need more logs like NAT translation during realtime or check if did the traffic had really reached the router. Is there a way to capture this information continuously?
I have heard of EPC (Embedded Packet Capture) can be used to monitor pass-through traffic, but its CPU intensive.
Thank you,
Krishna
... View more
Labels:
05-21-2018
12:07 AM
I just realized I don't need additional configuration, except for specifying the ASDM image on system context.
Config on system mode:
asdm image disk0:/<filename>.bin
Config on non-system context:
http server enable
http <mgmt host> <mask> <associated interface nameif>
... View more
05-20-2018
11:24 PM
Hi,
I need to gain access of a ASA Context using ASDM.
I am unable to configure ASDM image syntax (asdm image disk0:/asdm-xxx.bin). However the same syntax is valid when used on system context. Please advise how I can fix this.
FW1/contex1(config)# asdm ?
configure mode commands/options: group Associate object group names with interfaces. Warning: This option is designed for use solely by ASDM. Do not manually configure this option. history Enable/Disable Device Manager data sampling location Associate an external network object with an interface. Warning: This option is designed for use solely by ASDM. Do not manually configure this option.
exec mode commands/options: disconnect Specify ASDM session id to be disconnected after this keyword
=========== on system context ===========
FW1(config)#
asdm ?
configure mode commands/options: history Enable/Disable Device Manager data sampling image Specify Device Manager image file path
... View more
Labels:
04-13-2018
12:54 AM
Hello experts!
I need advise on potential reasons for interface output queue drops on Cisco 2960 switch and how can I identify the cause of it?
I am observing drops on 2 interfaces viz a 5500 firewall (its a 100 Mbps full duplex interface and getting over utilized - that explains the drops) and 2x 1 gig uplink bundled in a port channel.
I have added the interfaces in PRTG for interface bandwidth utilization, and the uplink ports hasn't exceeded its capacity however I still see the drops.
Thanks in advance!
... View more
Labels:
Created by
krishnadig
in VPN and AnyConnect
in VPN and AnyConnect
04-13-2018
12:44 AM
04-13-2018
12:44 AM
Thanks again for your input.
I got some additional information on this:
In the profile under “AnyConnect Profile Editor, Preferences (Part 1)” configuration have option to uncheck auto update for anyconncet client or you can set it as user controllable which means user can override this setting in the client.
If the version is higher on a client machine than ASA device then client will not be prompted for any upgrade
... View more
Created by
krishnadig
in VPN and AnyConnect
in VPN and AnyConnect
04-06-2018
06:45 PM
04-06-2018
06:45 PM
Hello RJI, Thank you for your response.
Is there a way to push this setting on multiple workstations? Not sure if it its doable via ASA group policy.
... View more
04-06-2018
07:26 AM
HI,
I have the below lines configured on my ASA version 9.7.x. Whenever a user with lower AnyConnect client version attempts to connect to this VPN, it prompts for upgrading the package.
webvpn enable outside anyconnect image disk0:/anyconnect-win-4.4.04030-webdeploy-k9.pkg 1
I intend to have a configuration on ASA such that it will not prompt the user to upgrade the AnyConnect package if it is minimum v4.x or v4.4.x. This will enable the users to connect to multiple VPNs using same client and without the need to upgrade it.
For trial, i removed the statement -
" anyconnect image disk0:/anyconnect-win-4.4.04030-webdeploy-k9.pkg 1"
In this case, the users are unable to connect with message:
"The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again."
... View more
- Tags:
- anyconnect
- asa
- vpn
Labels:
11-23-2017
03:31 AM
Hello Experts,
Please help with below scenario:
Background:
I need to configure NAT on a C3900 router to retain original IP address (referred as Identity NAT in firewall).
Scenario:
There is an existing configuration to perform unconditional NAT, and that's causing a hindrance for a new connection. The ways to overcome it (as per me) is to convert the existing config to "conditional NAT" using route map (needs downtime as its in production) or instead configure a new NAT statement with identity NAT; not sure if this concept works in IOS.
example:
ip nat inside source static 1.1.1.1 1.1.1.1 route-map temp-test
Appreciate your help. Thank you in advance.
... View more
Labels:
06-29-2017
06:39 AM
Hi Julio, fantastic explanation!
I have queries regarding multiple context. I want to create portchannel of firewall with sub-interfaces and assign it to contexts. example po1.10 to .20 for context1 and PO.30 to .40 for context 2.
1. Is such configuration supported?
2. Should I allocate Po1 to each context and create the subinterface at context level or create it in system context and allocate each sub interface to context? Does it matter either ways?
Thanks in advance
Krishna
... View more
10-22-2016
08:17 PM
Hi Dinesh,
Appreciate quick response!
Thats a very useful information.
Do you have any more information / recommendation for Context + VPN? (I am new to using contexts). And for resource allocation.
Thanks in advance
Krishna
... View more
10-22-2016
09:16 AM
Hello,
I am planning to combine two ASA 5510 (used for separate S2S VPN requirements) into a single Cisco ASA 5512-X using contexts. I would like to know if anyone has deployed S2S VPNs in multi context mode, any known issues and how resource allocation is done (for example)?
Thanks in advance
Krishna
... View more
- Tags:
- multiple context
- vpn
Labels:
10-18-2016
03:01 AM
Hi!
On ASA, suppose I apply a inbound control plane ACL on outside interface; what will be the impact / consequence to the inbound traffic that is using outside interface IP for PAT or Static PAT.
Control plan ACL is applied to restrict to-the-box traffic.
Thanks in advance
Krishna
... View more
- Tags:
- copp
Labels:
Created by
krishnadig
in VPN and AnyConnect
in VPN and AnyConnect
10-12-2016
01:55 AM
10-12-2016
01:55 AM
Hello Friends,
I have query about VPN services on a ASA.
Can a single ASA host both VPN types - AnyConnect Remote Access & Site to Site IPSec (L2L)?
Except license, are there any points to be considered while hosting both on the same device.
Thanks in advance.
Krishna
... View more
- Tags:
- vpn
Labels:
09-22-2016
03:26 AM
Yes, I agree may be due to TCP intercept.
I dug further on this topic, and found other ASA's configured in same manner having OS 8.2(5.xx) dont behave like this; however the previous versions do. I am trying a version upgrade from 8.0 to 8.2; hopefully it fixes it. Fingers crossed!!
... View more
Created by
krishnadig
in Network Management
07-02-2018
07-02-2018
Hello Friends, Looking for some industry practice or advise how to
handle such situation proactively...
05-21-2018
I just realized I don't need additional configuration, except for
specifying the ASDM image on syste...
05-20-2018
Hi, I need to gain access of a ASA Context using ASDM. I am unable to
configure ASDM image syntax (a...
04-13-2018
Hello experts! I need advise on potential reasons for interface output
queue drops on Cisco 2960 swi...
04-13-2018
Thanks again for your input. I got some additional information on this:
In the profile under “AnyCon...
04-06-2018
Hello RJI, Thank you for your response. Is there a way to push this
setting on multiple workstations...
04-06-2018
HI, I have the below lines configured on my ASA version 9.7.x. Whenever
a user with lower AnyConnect...
11-23-2017
Hello Experts, Please help with below scenario: Background: I need to
configure NAT on a C3900 route...
06-29-2017
Hi Julio, fantastic explanation! I have queries regarding multiple
context. I want to create portcha...
10-22-2016
Hi Dinesh, Appreciate quick response! Thats a very useful information.
Do you have any more informat...
10-22-2016
Hello, I am planning to combine two ASA 5510 (used for separate S2S VPN
requirements) into a single ...
10-18-2016
Hi! On ASA, suppose I apply a inbound control plane ACL on outside
interface; what will be the impac...
Created by
krishnadig
in VPN and AnyConnect
10-12-2016
10-12-2016
Hello Friends, I have query about VPN services on a ASA. Can a single
ASA host both VPN types - AnyC...
Public Statistics
| Date Registered | 09-07-2015 11:11 AM |
| Date Last Visited | 08-27-2019 06:58 AM |
| Total Messages Posted | 41 |
| Total Helpful Votes Received | 5 |
Helpful Votes Given To
| User | Helpful Count |
|---|---|
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 5 |
.jpg "Hall of Fame Master"){kind=icon}
