Cool, thanks for the reply.
Just to clarify on step 5, when you say restore the old context configuration, is it just a case of using the old context's config.url?
Has anyone renamed a context on an ASA? Just want to know the easiest way, and any gotchas to be aware of.
If I delete the incorrectly named context, create my new one, allocate the interfaces and point it to the old config-url (ie. the config-url from the incorrect context), would this work...
Yes, the spoofing issue has occurred to me- though I think it's related to a route back which raises its own set of problems...
I think I may need to raise a TAC case for it...
Thanks again.
No, I want to ssh directly into the secondary, but to the inside interface- so my packet will arrive on the outside interface of the primary ASA, be decrypted and sent out the inside interface of the primary ASA to the inside interface of the secondary ASA. I think it's the route back that's the...
I am on the other end of the VPN (where the 10.5.x.x network is). So when I ssh to the primary ASA (10.1.0.1), my packet goes over the VPN and, thanks to the 'management-access inside' command, allows me to connect to the inside interface. I need 'ssh 10.5.0.0 255.255.0.0 inside' also to allow...
I have an HA pair of ASAs that I need to manage over the VPN- the primary is fine, I can ssh to the inside interface over the tunnel, but I can't ssh to the inside interface of the secondary ASA (over the tunnel). Maybe it's not possible to do?
Anyway, here's what I believe are the relevant...
Hi,
I currently manage a 5520 over a VPN to the inside interface. This works fine, all requisite config is in place. However, I wish to be able to connect to the secondary firewall in this way- ie. across the VPN to the inside interface- but currently this doesn't work. Is there a way of...
A while back I was CCNP certified, but have been concentrating on Security for the last 6 or so years, so let the CCNP lapse. I am now thinking it would be useful to get the CCSP (or parts of it, at least), but on checking the Cisco site, it appears I have to do the CCNA, then the CCNA Security...
Probably an easy one for someone to answer, I'm just looking for confirmation really.
Got a VPN between two ASA 5510s which works fine. I want to manage the remote ASA via the inside interface, so will add the 'management-access inside' command.
However, I imagine i will also need to add ssh...
No, tunnel is not being formed. I am getting the following message in the debug:
SAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block:src:217.x.x.x, dest:81.x.x.x spt:500 dpt:500
return status is IKMP_NO_ERR_NO_TRANS
ISAKMP (0): retransmitting phase 1 (0)...
ISAKMP (0)...
hi
Just wondering if anyone has configured cut-through proxy on the ASA?
Got a couple of questions on it- first, if I use http for the auth, will the end user browse to the firewall first, authenticate, and then have access through? second, will I need to nat their IPs (ie do I have to create...
I have a pix 515e, but have no idea what the existing config is or even what version of PixOS it's running.
I need to use it for some testing and want to restore it to factory default, but can't run the password recovery as when I boot into monitor and set up an IP on eth1, I can't ping my...
...encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 87.x.x.x type ipsec-l2l
tunnel-group 87.x.x.x ipsec-attributes
pre-shared-key *
Though I don't manage the router, they have sent me the config and I can't see anything unusual with it, as the tunnel is up and passes traffic...
Hi,
I have had to install both Watchguard and Checkpoint VPN clients for testing purposes on my laptop.
I now need to install Cisco VPN Client. Anyone know whether I can have the three different clients installed?
Thanks in advance...
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.