Hi,
Before adding this new ACL you need to create an object group for "internethost$", and after that try the ACL command below.
access-list 88 extended permit ip object-group uboxen host internethost$
Hope this will help.
Regards,
Mustafa Gangardiwala
Mustafa Gangardiwala
CCIE-Security # 16253...
Or you can create a network object-group and add all those IPs to that group, so it will be easy for you to add and remove IP addresses.
Thanks,
Mustafa Gangardiwala
Mustafa Gangardiwala
CCIE-Security # 16253, CISA
CISM,CISSP,INFOSEC, MCSE, CNE
http://netseczone.blogspot.com
Hi,
You can specify your internal DNS and WINS name server IP addresses in the VPN configuration, so when clients connect they will use your internal DNS and WINS for name resolution and they will be able to connect by name.
The sample config for the VPN group is as below.
group-policy...
You can use the following commands to reset the ISAKMP and IPsec associations.
clear crypto isakmp sa
clear crypto ipsec sa
Thanks,
Mustafa Gangardiwala
You can change the TCP timeout global configuration, which will resolve your passthrough SSH timeout issue. The default timeout is 30 min. You can change it via the command below.
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Regards,
Mustafa Gangardiwala
Mustafa Gangardiwala...
Are you doing the login authentication via the ACS, or is it using the default internal database on the ASA? If you are using ACS and have enabled authorization on the ASA, then you need to configure it on the ACS. If you are logged in via the local ASA database, then give privilege 15 to the user which you are using...
Hi,
You need Nat-Control in a case where you need to translate any of the source/destination addresses when traffic is passing from one interface to another interface.
Nat-Control only gives the NAT functionality, nothing else, so if you don't need NAT then disable it.
Thanks,
Mustafa...
It's possible to enable and disable NAT based on traffic, but for this NAT must be enabled on your ASA, meaning "NAT-Control" should be enabled.
You can define the traffic and the type of NAT for that traffic. Make sure if you are doing NAT for voice traffic then voice traffic related inspection...
Hi,
The default session timeout is 30 min for TCP traffic, and unfortunately this is a global configuration, so you have to increase the timeout for all TCP traffic, not specifically TCP-9999 port related traffic.
The command to change the timeout to one hour is as below.
timeout conn 1:00:00...
Hi,
The best way to rename is to follow the below procedure.
1- Take a backup of the present context configuration and the assigned interface related configuration from the system context.
2- Delete the context.
3- Create the new context with the new name.
4- Assign the necessary interfaces.
5- Restore the...