We have a need to determine the breakdown of various sslvpn Anyconnect clients connecting to our hub ASAs. Is there a method, either in the ASDM or CLI (or syslog), to determine the client type and count (e.g. Android vs. Linux vs. iOS vs. Windows)?
Looking for confirmation whether 8.4.3 code (or higher) can support the ability for spoke endpoint ASA5505s to have certificate-based IKEv2 Site to Site VPN tunnels to separate ASA hub sites at separate geographical locations for high availability...
We have a Cisco 3925 router with an EHWIC-4ESG card running on IOS image c3900-universalk9-mz.SPA.150-1.M2.bin. A show diag shows this card as disabled/not supported. Needing assistance to determine if the IOS code installed is the reason for the c...
We have noticed that icmp echo-replies and traceroutes that hit the real ip (rip) of the SVI on our 4506 supervisor have unusually high response times, but traces and pings through the switch respond with normal/expected latency values. It is my un...
Is it possible to terminate sslvpn anyconnect clients on a cisco router w/security ios that also has ipsec gre tunnels via the same external interface, and have the sslvpn anyconnect clients' traffic traverse the ipsec tunnels to other destinations? W...
Thank you for your help. I found the problem, which was close to your suggestion. The solution was that I needed a nonat acl containing the remote subnets, but also I needed an outside nat 0 command. Example: access-list nonat-remote any 192.168.240.0 ...
The remote soho subnets are /29 subsets of the 192.168.250.0/24, and the dhcp pool for the Anyconnect contains usable IPs within the 192.168.260.0/24 subnet. The nonat permit acl is 192.168.0.0/16. This nonat range should cover both the sslvpn dhcp ...
Thanks for the suggestion. Below is the current port configuration for an auto qos port with pc/phone, as well as the commands I tried on a set of selective interfaces (G3/1 -2). I get an error regarding the asic. Since we have phone ports requir...
Yeah, below is the current port configuration that the storm-control broadcast xx command was applied to. FYI I also tried the command on the port after I removed the voice vlan command (so that the port was truly only an access port), and still rece...
Hi Jon, We are running FWSM 3.25, and ASA 7.24, so we should have the ability. I don't see where in the url you sent me the commands to change individual port conn timeout values. Is it a policy-map configuration? Thanks