Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We've run into a problem and I'm hoping someone here has at least seen it and can offer some advice or a solution going forward. We have an ISR 4331 with a NIM-ES2-4 module in it. For the longest time, it only had the built-in G0/0/0 and G0/0/1 in...
We're having an issue with one particular user that when she initiates a VPN connection, it can take up to 11 minutes to complete the process. According to the AnyConnect logs, the area where it gets stuck is where the AnyConnect downloader is per...
I apologize if this has been asked and answered in the forums. I searched and while I found a large number of entries that danced all around this particular question, I never found anything that addressed this specific question. We are currently ...
We have a somewhat diverse network. On the "legacy" side (consisting of a dark and leased fiber "MAN", PPP circuits, and a gig fiber based LAN) we have OSPF. On the "New" side we have MPLS as a replacement for our Frame Relay infrastructure. Our t...
We recently converted our VPN from a 3000 series concentrator to an ASA5520. Out of the 60 or so folks that connect frequently, I have at least 2 that are having a recurring problem. They connect into the VPN just fine. They're able to access all...
I can't speak to that directly as that's not how we load balance ours. We use F5 load balancers. However, I do believe if you're going to the ASA's native load balancing, then it makes sense that they would need to be in the same subnet as the vir...
Yes, that's what we do. Although, we do not use the ASA's native load balancing mechanism. Ours are behind F5 load balancers so the individual ASAs don't necessarily know about each other. However, specific to the certificate, yes, we create th...
I can't speak for Azure but with Okta, if you follow their instructions, they have you create the certificate on the ASA itself so it would essentially be a self signed certificate. What we do is use a public certificate authority (DigiCert) for t...
GSLB, aka DNS, is really just DNS so there's no trick there to load balancing a VPN connection. All you would need to do is to add your pools to the same WIP, protocols aren't an issue there. The real work takes place at the LTM level with what pro...
Hi Joseph. Thanks. I heard back from our SE last night with essentially the same information. We're going to be sending an SFP so we can move the physical connection to the g0/0/3 interface and configure it basically the same way as the existing c...
