Attached a simple layout. So VPN networks have to travel through the 800 router. As you said, Brent, I assume a full DMZ will do this the best way, but how exactly? http://www.dataphone.se/~martyboy/network.jpg
Hi,
Yes, I know. They have shipped a configured router for access to their network. The WAN public IP is one of ours (not being used, of course), but the LAN side is, as I said, a public network (.252). The public IP on the LAN side is NOT ours but something they configured.
So on the Cisco...
Hi!
We have a customer with one ASA5505 base license. They are going to get connected to another company by VPN. This company is very strict about who's connecting, so instead of using the ASA as the VPN device they have configured and shipped a Cisco 800 router. This router is configured with a...
Hi!
Can someone give me a good explanation of why you should use outbound access-lists instead of inbound?
Example.
I want to restrict inside users to only use HTTP and HTTPS. As I understand it, you can use inbound on the inside interface and/or outbound on the outside interface. I have always used...
Hi,
I have no problems getting the VPN tunnel to work, but the clients on the remote network don't have any internet access. I assume it has something to do with NAT at the HQ side, but I can't figure it out.
Hi,
I am about to configure a site-to-site VPN between two ASAs. I have no problem setting up the tunnel, but I want one ASA to use the HQ ASA as internet gateway. I know this is possible but I haven't tried it yet.
Any ideas, anyone? If you got any information on Cisco's homepage it would be...
Don't put your vpn-pool on the same subnet as your local LAN. Choose a different subnet for the vpn-pool.
Your NAT exempt looks weird. It should be something like this:
access-list no_nat extended permit ip "local lan" "vpn pool"
I have done some more testing and I am getting mixed results. The policies work 100%. The host scan checks 5 different registry and file checks.
Firefox works, but when I use the RDP plugin I can't use Swedish characters. With IE it works 100%.
You have to define which traffic the VPN should listen to. I can't find that anywhere in your config.
One suggestion. The second ASA with DHCP on the outside interface. Why don't you use the Easy VPN on that ASA instead? In such a scenario you configure the ASA as a VPN client, works great...
Hi,
Well, it seems that the only browser that works well is IE. Firefox doesn't work at all. Sometimes it doesn't read the policies at all. We are in the test phase so gonna do some more digging; I can't post the result here.
I am using the latest version, 8.04 on a 5510 with AIP module.
So,
It seems I have found a solution for this. I configured 3 different dynamic access policies and pointed them to different bookmarks. It works pretty well.
Martin
Hi Guys,
I have the following scenario. Users log in with the clientless SSL. CSD checks for certain registry keys. If found, I want the users to log in and have full access to the portal. If the check fails, I still want users to be able to log in but have a restricted portal.
Is that possible?