Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Can anyone tell me exactly what firewall rules and routes are required for the Botnet filter itself? I have multiple layers of firewalls upstream/downstream and I periodically receive "Failed to download dynamic filter data file from updater server ...
Hello Everyone,I am running into a possible show stopper with regards to user experience and ease of use running AnyConnect under Windows 7.Has anyone discovered a way to force the AnyConnect client to start with Start before Login and prompt the use...
Hi Everyone,This one might sound a little funny but I am trying to find a solution to accomplish the opposite of a PAT I think I need a reverse PAT?I need a method of translating a single IP into multiple IP's.one to many - not many to one.I am not l...
Hello Everyone,I have configured the ASA's for users to authenticate directly at the firewall via http/https. I am looking for a solution with Cut Through Proxy Authentication to do the following:1. When a user closes the browser the cached authenti...
Hi Everyone,I am about to build a new firewall'd infrastructure in which a significant amount of traffic will be running through it. I need to lock this firewall down as quickly as possible. Since there are no rules in place I will enable a “permi...
Hi Brian, Thanks for the reply. You are correct, SSO is out of the question and SBL doesn't work all that well with Windows 7 due to PLAP. I am surprised with Cisco at the lack of functionality with WIndows 7 and AnyConnect with Windows XP fast app...
Hi Brian, Thanks for this post. I was exactly in the same predicament and the ASA at this time does not have this type functionality built in. Your idea is great, crontab and wget work flawlessly. The only problem that I have is that I am capturing...
Hi Jon,Thanks for the reply. I would have to define sessionS based on source port as apposed to the destination port.I had the idea of static NAT as such for example:source 1.1.1.1 source port 1024 destination 2.2.2.2 source port 1024.Not sure if th...
Hi lamav,Thank you for the reply. The source address is always originated from a VIP.The destination requires a different source IP every time for authentication purposes.Thanks again.Chris
Gents,I just wanted to thank you for your responses and share some info with you. I have found a solution to my problem - “SVI Autostate Excludeâ€.Thanks again.Cheers,Chris
