Search results for query: *

Cool, thanks for the reply. Just to clarify on step 5, when you say restore the old context configuration, is it just a case of using the old context's config.url?

Has anyone renamed a context on an ASA? Just want to know the easiest way, and any gotchas to be aware of. If I delete the incorrectly named context, create my new one, allocate the interfaces and point it to the old config-url (ie. the config-url from the incorrect context), would this work...

...ip 10.1.0.0 255.255.255.0 10.0.0.0 255.0.0.0 failover failover lan unit primary failover lan interface faillink GigabitEthernet0/3 failover key *** failover replication http failover link faillink GigabitEthernet0/3 failover interface ip faillink 172.16.254.1 255.255.255.252 standby...

Yes, the spoofing issue has occurred to me- though I think it's related to a route back which raises its own set of problems... I think I may need to raise a TAC case for it... Thanks again.

No problem, appreciate you taking the time to respond :) Anyone know if this is possible?

No, I want to ssh directly into the secondary, but to the inside interface- so my packet will arrive on the outside interface of the primary ASA, be decrypted and sent out the inside interface of the primary ASA to the inside interface of the secondary ASA. I think it's the route back that's the...

I am on the other end of the VPN (where the 10.5.x.x network is). So when I ssh to the primary ASA (10.1.0.1), my packet goes over the VPN and, thanks to the 'management-access inside' command, allows me to connect to the inside interface. I need 'ssh 10.5.0.0 255.255.0.0 inside' also to allow...

I have an HA pair of ASAs that I need to manage over the VPN- the primary is fine, I can ssh to the inside interface over the tunnel, but I can't ssh to the inside interface of the secondary ASA (over the tunnel). Maybe it's not possible to do? Anyway, here's what I believe are the relevant...

Hi, I currently manage a 5520 over a VPN to the inside interface. This works fine, all requisite config is in place. However, I wish to be able to connect to the secondary firewall in this way- ie. across the VPN to the inside interface- but currently this doesn't work. Is there a way of...

A while back I was CCNP certified, but have been concentrating on Security for the last 6 or so years, so let the CCNP lapse. I am now thinking it would be useful to get the CCSP (or parts of it, at least), but on checking the Cisco site, it appears I have to do the CCNA, then the CCNA Security...

Probably an easy one for someone to answer, I'm just looking for confirmation really. Got a VPN between two ASA 5510s which works fine. I want to manage the remote ASA via the inside interface, so will add the 'management-access inside' command. However, I imagine i will also need to add ssh...

No, tunnel is not being formed. I am getting the following message in the debug: SAKMP (0): beginning Main Mode exchange crypto_isakmp_process_block:src:217.x.x.x, dest:81.x.x.x spt:500 dpt:500 return status is IKMP_NO_ERR_NO_TRANS ISAKMP (0): retransmitting phase 1 (0)... ISAKMP (0)...

...map vpn 10 set security-association lifetime seconds 3600 kilobytes 4608000 crypto map vpn interface outside isakmp enable outside isakmp key ******** address 217.x.x.x netmask 255.255.255.255 isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash...

hi Just wondering if anyone has configured cut-through proxy on the ASA? Got a couple of questions on it- first, if I use http for the auth, will the end user browse to the firewall first, authenticate, and then have access through? second, will I need to nat their IPs (ie do I have to create...

Thanks Supergrrover- the problem was actually my laptop- used a different PC and worked like a dream.

I have a pix 515e, but have no idea what the existing config is or even what version of PixOS it's running. I need to use it for some testing and want to restore it to factory default, but can't run the password recovery as when I boot into monitor and set up an IP on eth1, I can't ping my...

...encryption 3des hash sha group 2 lifetime 86400 tunnel-group 87.x.x.x type ipsec-l2l tunnel-group 87.x.x.x ipsec-attributes pre-shared-key * Though I don't manage the router, they have sent me the config and I can't see anything unusual with it, as the tunnel is up and passes traffic...

Is there a way of defining a block within a range without having to add them all individually? eg. 192.168.1.1 to .50

Hi, I have had to install both Watchguard and Checkpoint VPN clients for testing purposes on my laptop. I now need to install Cisco VPN Client. Anyone know whether I can have the three different clients installed? Thanks in advance...

Sorry, it's secure client, not secure remote...