Cisco Community
English
Register
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
RJI
RJI
Member since ‎12-05-2010
Collaborator
IT contractor based in the UK, specialising in network/security solutions. CCNP (Security and Routing & Switching)
Personal Web Page : https://integratingit.wordpress.com/
1024
Posts
967
Helpful
140
Solutions
Recent Badges
CCP Member
100 Helpful Vote
50 Accepted Solution
15 Accepted Solution
1 Accepted Solution
View All
Recent Badges
Awards

Re: 2511-RJ45 lab TS

Created by RJI Collaborator in VPN and AnyConnect
‎10-20-2018 02:59 AM
‎10-20-2018 02:59 AM
Hi, I assume the Cisco 2511 router has a private IP address? If yes, you'd need to setup port forwarding on your internet router (the vr2800) and forward the port(s) you want to connect to, to the private IP address of the 2511.   HTH ... View more

Re: Connect FTD to FMC with NAT at both...

Created by RJI Collaborator in Firewalls
‎10-18-2018 06:47 AM
‎10-18-2018 06:47 AM
Is it an internet circuit you will be using or a P2P link? Assuming its an internet circuit, the cleanest way of the configuring it would be a router, with a small switch to connect the inside router interface, FW outside and FW mgmt, this is what I've used in the past. There are other clunky and probably unsupported ways of pre-configuring the FTD. If it's a P2P link (as per your diagram) you'd just need a switch as both end's would be on the same network. ... View more

Re: Connect FTD to FMC with NAT at both...

Created by RJI Collaborator in Firewalls
‎10-18-2018 06:32 AM
‎10-18-2018 06:32 AM
You won't be able to route to 1.1.1.1 if the mgmt interface is on 10.2.0.0 network and plugged into the inside network. Put the Mgmt and Outside interfaces in 1.1.1.x network, they can then reach the address 1.1.1.1 ... View more

Re: ASA 5506 Management access from vpn...

Created by RJI Collaborator in VPN and AnyConnect
‎10-17-2018 06:38 AM
‎10-17-2018 06:38 AM
Yes, you are completely correct, my mistake - "management-access inside". Which you already have defined. Can you run packet-trace and upload the output please? ... View more

Re: anyconnect client profile configura...

Created by RJI Collaborator in VPN and AnyConnect
‎10-17-2018 05:20 AM
‎10-17-2018 05:20 AM
You would use IKEv2 routing with authorization policy to distribute the routes to the remote clients. ... View more

Re: Block all incoming trafic on a NAT

Created by RJI Collaborator in Other Security Subjects
‎10-17-2018 04:48 AM
‎10-17-2018 04:48 AM
Yeah true. Use ZBFW then, it's stateful and would allow return traffic? ... View more

Re: Block all incoming trafic on a NAT

Created by RJI Collaborator in Other Security Subjects
‎10-17-2018 03:07 AM
‎10-17-2018 03:07 AM
Hi, You would need to create an ACL and apply this ACL inbound on your outside interface, deny from any IP to the destination A.B.C.D (your new nat public ip address) then permit all other ip traffic (if so desired). HTH ... View more

Re: ASA 5506 Management access from vpn...

Created by RJI Collaborator in VPN and AnyConnect
‎10-17-2018 02:54 AM
‎10-17-2018 02:54 AM
Hi, So you wan't to manage the ASA remotely connecting to the INSIDE interface over the VPN tunnel using SSH/ASDM? You would need to use "management-access INSIDE" to permit this. Info here.   EDIT: to reflect correct interface.   HTH ... View more

Re: How to shut down ASA Site to Site V...

Created by RJI Collaborator in Firewalls
‎10-16-2018 02:48 PM
‎10-16-2018 02:48 PM
Ok. When you removed the ACL did you clear the SAs (assuming they were already active)? How are you routing the traffic?...if no interesting traffic is even routed via that firewall the tunnel would not establish. ... View more

Re: How to shut down ASA Site to Site V...

Created by RJI Collaborator in Firewalls
‎10-16-2018 02:28 PM
‎10-16-2018 02:28 PM
Hi, You could disable the crypto map on the outside interface. E.g - "no crypto map XXCryptoMap interface OUTSIDE" <- assuming OUTSIDE is the name of your outside interface. Of course, that would disable all VPN's on that interface, if you have any others? HTH ... View more

Re: Connect FTD to FMC with NAT at both...

Created by RJI Collaborator in Firewalls
‎10-16-2018 09:23 AM
‎10-16-2018 09:23 AM
Hi, You will need to create a static NAT of the firewall in front of the FMC, to nat tcp/8305 to the private IP address of the FMC. On the FTD when configuring the manager, use a natid. E.g "configure manager add <public nat ip of fmc> <registration key> <natid>". When registering the device on the FMC, the IP address you'd enter is the private (real) ip address of the FTD, in the "Unique NAT ID:" box enter the natid configured on the FTD. HTH ... View more

Re: IOS - Selective ISAKMP keepalive pe...

Created by RJI Collaborator in VPN and AnyConnect
‎10-16-2018 01:47 AM
‎10-16-2018 01:47 AM
Hi, You can configure the keepalive under the isakmp profile(s) rather than configure globally. Link here HTH ... View more

Re: DMVPN via Cisco ASA

Created by RJI Collaborator in VPN and AnyConnect
‎10-15-2018 01:54 AM
‎10-15-2018 01:54 AM
Hi, UDP/500 and ESP, if you are NATTING behind the ASA then you will also need UDP/4500 HTH ... View more

Re: ASA AnyConnect blocking port 80

Created by RJI Collaborator in VPN and AnyConnect
‎10-12-2018 02:00 PM
‎10-12-2018 02:00 PM
Hi, Do you have "http redirect outside 80" configured? If so try removing it HTH ... View more

Re: Using blank or null value in the co...

Created by RJI Collaborator in Policy and Access
‎10-12-2018 11:27 AM
‎10-12-2018 11:27 AM
Hi, Why not specify rules that match conditions/attributes above a default rule which denies access? This would deny the null/blank values which would not be match in the more specific rules above. ... View more
Public Statistics
Date Registered ‎12-05-2010 06:35 AM
Date Last Visited
Total Messages Posted 1,024
Total Helpful Votes Received 967
Helpful Votes Given To
Helpful Votes From