Search results for query: *

ok, figured it out - I forgot to add the nat 0 statement for the elser interface. Something so easy, yet I completely overlooked it!

...3des hash sha group 2 lifetime 86400 tunnel-group x.x.178.110 type ipsec-l2l tunnel-group x.x.178.110 ipsec-attributes pre-shared-key * tunnel-group x.x.69.196 type ipsec-l2l tunnel-group x.x.69.196 ipsec-attributes pre-shared-key * tunnel-group wevpnusers type ipsec-ra tunnel-group...

definitely sounds like split tunneling. can you post your config?

well, turns out the consultant had pfs turned on - once he turned it off, the tunnels came right up!

just curious what the industry "best practices" was in regards to using Perfect Forward Secrecy. I notice a lot of other security devices ship with it enabled by default (and I understand that the reissuing of the DH keys everytime a new tunnel is established is more secure), but was just...

Hi Alex, add PPTP inspection to the default policy-map using the default class-map. asafirewall(config)#policy-map global_policy asafirewall(config-pmap)#class inspection_default asafirewall(config-pmap-c)#inspect pptp You do not need to define a static mapping because the asa now inspects...

client asked me to setup a site to site tunnel between 3 sites (Sites A, B and C) Site A has a Cisco ASA 5510 Site B has a Cisco ASA 5505 Site C has a Juniper Netscreen 50 I was responsible for Sites A and B and another consultant took care of the Netscreen. The L2L tunnel between my 5510 and...

I've been going through the ISA Server 2004 documentation, but can't seem to find out if this is possible. What I would like to do is have an external user be able to type a url like http://crm.company.com and have that http request be directed to the ISA server. I would then like the ISA...

great. thanks Brent.

I should also note that currently none of my network switches (cheap dell switches) do vlans

my company has been tasked with colocating a couple of other company's servers for a few months. - We currently have a two separate links to the internet (microwave and cable). The microwave is our company's main line to the internet with cable used for backup. - We would like to use one...

it's been released (currently version 8.0.2) anyone deploy it and test it out yet?

Outstanding!! thank you Brent. that completely was the issue. Regards, Kevin

thanks for the link Brent, I am going to read that tonight. also, just an fyi, I cleared the security associations (and dropped the lan to lan tunnel) but the remote access issue persists. So at least that is now factored out!

also, just a quick follow up. this only started once I created the lan to lan connection. Prior to that, it was working fine. I haven't had a chance to sever the lan to lan tunnel (as it is in use) to see if I can regain access via the remote access connections.

...accounting-server-group AAA_ServerGroup default-group-policy xxxvpnclients tunnel-group xxxvpnclients ipsec-attributes pre-shared-key * tunnel-group x.x.187.75 type ipsec-l2l tunnel-group x.x.187.75 ipsec-attributes pre-shared-key * no tunnel-group-map enable peer-ip telnet timeout 5 ssh...

Hello all, question - is there an issue with having an exchange server use two separate ip addresses (specifically in regards to OWA)? the problem is that I can't enable forms based authentication at all. I've done it on about 10 other production servers without any issue, but on this...

My company has two separate broadband lines to different ISPs. I was originally going to use a 5505 for the backup line and a 5510 for the main line. My boss asked if there was a way to connect both lines to one device and have that device keep the two ISP networks separate. This made me think...

...authentication-server-group AAA_ServerGroup default-group-policy cd3vpnclients tunnel-group cd3vpnclients ipsec-attributes pre-shared-key * tunnel-group x.x.x..75 type ipsec-l2l tunnel-group x.x.x..75 type ipsec-l2l tunnel-group x.x.x..75 ipsec-attributes pre-shared-key * tunnel-group...

hello. I have isa server at the perimeter. It's external interface has a block of addresses from 66.x.x.210 through 66.x.x.215 66.x.x.210 is the first address assigned to the external interface so that this is the address used by all internal clients when they are accessing resources on the...