Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Search results for query: *

  • Users: garnetbobcat
  • Order by date
  1. garnetbobcat

    Cisco ASA IPS (SSM)

    The interface on the AIP-SSM is just for management. Traffic is sent to the AIP-SSM via the ASA backplane. That is the only sniffing interface. Depending on how you configure the ASA to send traffic to the AIP-SSM you can use it in in-line or promiscuous mode. This doc describes sending...
  2. garnetbobcat

    WebVPN with Vista

    It looks like the SSL VPN Client is not supported with Vista. http://www.cisco.com/en/US/products/ps6657/products_qanda_item09186a0080553209.shtml#errfg If you can upgrade the ASA, you should upgrade to the latest version of 8.x code and use the AnyConnect client. SSL VPN is much improved in...
  3. garnetbobcat

    NAT

    Yeah, nat-control was not introduced until 7.0. Same with Transparent mode. Brent, the Mail Server doc is a good call. Burt, it's a shame you can't set it up like that! Pursuing two different paths here: 1. Why do you want to add the PIX? Especially given that it's an old one. If you...
  4. garnetbobcat

    common jr - sr network engineer interview questions

    In my experience: For junior people or interns, it's interesting to ask them to explain how they think something that they are not familiar with works. For example, we once asked a potential intern to explain how the 7960 on the desk was able to call the cell phone in my pocket. This can shed...
  5. garnetbobcat

    Establish VPN from Static IP to Dynamic IP

    And that's a great example! It's just the other way around! :-) Matt http://www.wr-mem.com
  6. garnetbobcat

    Establish VPN from Static IP to Dynamic IP

    Why would DYNDNS not work here? Natesin wants to initiate a connection from an ASA with a static IP address to an ASA with a dynamic IP address. This could work at least two ways. 1. If the static ASA is configured as an EZVPN client it can be configured to connect to a hostname...
  7. garnetbobcat

    Establish VPN from Static IP to Dynamic IP

    You could use a service like DynDNS to provide a domain name for the dynamic ASA. The ASA doesn't have a DynDNS client, though, so you would need a PC or something behind the ASA to update the service when the dynamic IP changes. Matt http://www.wr-mem.com
  8. garnetbobcat

    Cisco VPN Static Route

    Since you already have split tunneling working, all you should have to do is add that new network to your split tunnel list. Matt http://www.wr-mem.com
  9. garnetbobcat

    Cisco ASA 5505SecPlus as internetgateway for multiple vlan's

    I think I have it figured out. Messing with security levels and an ACL will not help. Sorry for that lousy suggestion. I just labbed your configuration up and it appears that NAT is applied on a per-interface basis on the ASA, not a per-flow basis. This means that if you apply any NAT...
  10. garnetbobcat

    Cisco ASA 5505SecPlus as internetgateway for multiple vlan's

    Hmm. And you're sure that traffic flowed between the interfaces before? ;-) Here are some ideas: 1. Turn on logging and look for clues in your log. Look for translation errors or deny messages. 2. Try removing the line: access-list inside_nat0_outbound extended permit ip 192.168.200.0...
  11. garnetbobcat

    Cisco ASA 5505SecPlus as internetgateway for multiple vlan's

    nat statements are interface specific, and it appears that you only have a nat statement configured for your "inside" network. You don't have one for your "inside2" network. You have: nat (inside) 1 0.0.0.0 0.0.0.0 Keep that and try adding: nat (inside2) 1 0.0.0.0 0.0.0.0 Also, just a...
  12. garnetbobcat

    Cisco ASA 5505SecPlus as internetgateway for multiple vlan's

    Please post your whole configuration. It sounds like NAT might be the culprit, but you did not include that part of the config. Matt http://www.wr-mem.com
  13. garnetbobcat

    ASA - SSL/VPN - Custom Portal

    To enable/disable the tunnel group dropdown in ASDM on 8.0: Configuration | Remote Access VPN | Clientless SSLVPN Access | Connection Profiles check/uncheck "Allow user to select connection..." near the bottom of the right pane. Matt http://www.wr-mem.com
  14. garnetbobcat

    Cisco VPN client

    It's not quite clear what you're asking here. The address pool in an RAVPN configuration is the pool of addresses that get assigned to clients when they connect. The pool does not have an impact on who can connect to the ASA with the VPN Client. Generally, anyone should be able to connect...
  15. garnetbobcat

    ASA5510 , FTP problem

    Sounds like you don't have FTP inspection configured. ASA(config)#policy-map global_policy ASA(config-pmap)#class inspection_default ASA(config-pmap-c)#inspect FTP Matt http://www.wr-mem.com
  16. garnetbobcat

    Some good weblinks I've found

    First a bit of shameless self-promotion. ;-) http://www.wr-mem.com - My CCIE Security Blog and general tips I also follow: http://cisconews.co.uk/ - General Cisco stuff and tips http://blog.internetworkexpert.com/ - A lot of excellent CCIE-level material http://www.ciscoblog.com/ - General...
  17. garnetbobcat

    Change Mgt Interface IP Address

    Excellent! Matt CCIE Security http://www.wr-mem.com
  18. garnetbobcat

    Change Mgt Interface IP Address

    Is your PC permitted to connect to the ASA with ASDM? For example any host can connect to this ASA with ASDM on the "man" interface: ASA# sh run http http server enable 8080 http 0.0.0.0 0.0.0.0 man What about routing? Does the ASA have a route to send packets back to your PC? Post your...
  19. garnetbobcat

    Another (Notso) Easy VPN problem

    Good news! The Cisco AnyConnect client, which uses SSL, supports Vista. In fact, it's the only way you can do full tunnel VPN on Vista x64 - there's no Ipsec client for it. http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/product_data_sheet0900aecd80405e25.html -----...
  20. garnetbobcat

    How to configure 2 inside subnets in pix 515

    Do you mean you have two subnets that are on two separate VLANs (one subnet per VLAN)? If so, you need to configure subinterfaces on the ASA. One subnet can be on interface "inside" and the other one can be "inside2" or whatever you want to call it...

Part and Inventory Search

Back
Top