Cool, thanks for the reply.
Just to clarify on step 5, when you say restore the old context configuration, is it just a case of using the old context's config.url?
Has anyone renamed a context on an ASA? Just want to know the easiest way, and any gotchas to be aware of.
If I delete the incorrectly named context, create my new one, allocate the interfaces and point it to the old config-url (ie. the config-url from the incorrect context), would this work...
Yes, it's a failover pair. Scrubbed config below (removed irrelevant parts as well for ease of viewing):
:
ASA Version 8.2(1)
!
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 213.x.x.62 255.255.255.240 standby 213.x.x.61
!
interface GigabitEthernet0/1
nameif...
Yes, the spoofing issue has occurred to me- though I think it's related to a route back which raises its own set of problems...
I think I may need to raise a TAC case for it...
Thanks again.
No, I want to ssh directly into the secondary, but to the inside interface- so my packet will arrive on the outside interface of the primary ASA, be decrypted and sent out the inside interface of the primary ASA to the inside interface of the secondary ASA. I think it's the route back that's the...
I am on the other end of the VPN (where the 10.5.x.x network is). So when I ssh to the primary ASA (10.1.0.1), my packet goes over the VPN and, thanks to the 'management-access inside' command, allows me to connect to the inside interface. I need 'ssh 10.5.0.0 255.255.0.0 inside' also to allow...
I have an HA pair of ASAs that I need to manage over the VPN- the primary is fine, I can ssh to the inside interface over the tunnel, but I can't ssh to the inside interface of the secondary ASA (over the tunnel). Maybe it's not possible to do?
Anyway, here's what I believe are the relevant...
Hi,
I currently manage a 5520 over a VPN to the inside interface. This works fine, all requisite config is in place. However, I wish to be able to connect to the secondary firewall in this way- ie. across the VPN to the inside interface- but currently this doesn't work. Is there a way of...
A while back I was CCNP certified, but have been concentrating on Security for the last 6 or so years, so let the CCNP lapse. I am now thinking it would be useful to get the CCSP (or parts of it, at least), but on checking the Cisco site, it appears I have to do the CCNA, then the CCNA Security...
Probably an easy one for someone to answer, I'm just looking for confirmation really.
Got a VPN between two ASA 5510s which works fine. I want to manage the remote ASA via the inside interface, so will add the 'management-access inside' command.
However, I imagine I will also need to add ssh...
No, tunnel is not being formed. I am getting the following message in the debug:
SAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block:src:217.x.x.x, dest:81.x.x.x spt:500 dpt:500
return status is IKMP_NO_ERR_NO_TRANS
ISAKMP (0): retransmitting phase 1 (0)...
ISAKMP (0)...
Trying to get a VPN set up between my PIX 515E (running 6.3(4)) and a 3rd party Check Point NG r54. I need to NAT my source traffic, and have the following config:
access-list 101 permit ip 10.1.1.0 255.255.255.128 192.168.1.0 255.255.255.0
access-list 102 permit ip 172.16.1.0 255.255.255.128...
Hi
Just wondering if anyone has configured cut-through proxy on the ASA?
Got a couple of questions on it- first, if I use http for the auth, will the end user browse to the firewall first, authenticate, and then have access through? second, will I need to nat their IPs (ie do I have to create...