ASA 5520 problem

Hello

I bought an ASA5520, and I could not access to the console port. Another thing I think that is not normal is because the status light is amber as soon as turn on the switch.

Is this a hardware problem?

Thank you.

Neirival (Brazil/Angola)

Hello Neirival,

When you say "could not access the console port" you don't say 'no response from the console port'?

Simple things first:

-is this console connection set up in the standard, IE, 8 data bits, etc, etc.?

-the console connection works for Cisco devices?

I must say, however, the amber looks like bad news. DOA?

Kind regards

theterranaut

Tags: Cisco Security

Similar Questions

  • nat ASA 5520 problem

    Hi I have a Cisco Asa 5520 and I want to vpn site-to-site by using another interface with a carrier of lan to lan, the problem is when I try to pass traffic have the syslog error to follow:

    No translation not found for udp src lan2lan:10.5.50.63/44437 dst colo: biggiesmalls groups / 897
     
    LAN to LAN service interface is called: lan2lan
    one of the internal interfaces is called: colo

    I think that is problem with Nat on the SAA but I need help with this.
     
    Config:
     
    !
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    eve of fw - ext 255.255.255.0 address IP XXaaaNNaa
    OSPF cost 10
    OSPF network point-to-point non-broadcast
    !
    interface GigabitEthernet0/1
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/1.50
    VLAN 50
    nameif lb
    security-level 20
    IP 10.1.50.11 255.255.255.0
    OSPF cost 10
    !
    interface GigabitEthernet0/1,501
    VLAN 501
    nameif colo
    security-level 90
    eve of fw - int 255.255.255.0 172.16.2.253 IP address
    OSPF cost 10
    !
    !
    interface GigabitEthernet1/1
    Door-Lan2Lan description
    nameif lan2lan
    security-level 0
    IP 10.100.50.1 255.255.255.248
    !
    access extensive list ip 10.1.0.0 lan2lan_cryptomap_51 allow 255.255.0.0 object-group elo
    permit access list extended ip sfnet 255.255.255.0 lan2lan_cryptomap_51 object-group elo
    pager lines 24
    Enable logging
    host colo biggiesmalls record
    No message logging 313001
    External MTU 1500
    MTU 1500 lb
    MTU 1500 Colo
    lan2lan MTU 1500
    ICMP unreachable rate-limit 1 burst-size 1
    ARP timeout 14400
    NAT-control
    Global 1 interface (external)
    interface of global (lb) 1
    Global (colo) 1 interface
    NAT (lb) 1 10.1.50.0 255.255.255.0
    NAT (colo) - access list 0 colo_nat0_outbound
    NAT (colo) 1 10.1.13.0 255.255.255.0
    NAT (colo) 1 10.1.16.0 255.255.255.0
    NAT (colo) 1 0.0.0.0 0.0.0.0
    external_access_in access to the external interface group
    Access-group lb_access_in in lb interface
    Access-group colo_access_in in interface colo
    Access-group management_access_in in management of the interface
    Access-group interface lan2lan lan2lan
    !
    Service resetoutside
    card crypto match 51 lan2lan_map address lan2lan_cryptomap_51
    lan2lan_map 51 crypto map set peer 10.100.50.2
    card crypto lan2lan_map 51 game of transformation-ESP-3DES-SHA
    crypto lan2lan_map 51 set reverse-road map
    lan2lan_map interface lan2lan crypto card
    quit smoking
    ISAKMP crypto identity hostname
    ISAKMP crypto enable lan2lan
    crypto ISAKMP policy 10
    preshared authentication
    3des encryption
    sha hash
    Group 2
    life 86400
    Crypto isakmp nat-traversal 20
    enable client-implementation to date
    IPSec-attributes tunnel-group DefaultL2LGroup
    pre-shared-key xxXnnAA
    tunnel-group 10.100.50.2 type ipsec-l2l
    tunnel-group 10.100.50.2 General-attributes
    Group Policy - by default-site2site
    No vpn-addr-assign aaa
    No dhcp vpn-addr-assign
    Telnet timeout 5
    !
     

    The VPN is OK? ("' isakmp crypto to show his" should show a MM_Active tunnel to the peer address ")

    Normally exempt us VPN site-to-site of NAT traffic. This could be your problem. If you can share your configuration, we can have a look.

    p.s. you should affect the question of the security / VPN forum.

  • SSL VPN using ASA 5520 mode cluster - several problems

    I configured 2 ASA 5520 s in the load balancing cluster mode. I connect using anyconnect and I download the customer the first time and everything works well except outlook. I don't know why outlook does not work.

    The second problem is after the anyconnect client is installed on your machine, he remembers that ASA (say ASA2) he first connected and the GUI shows the address IP of ASA2 instead of the virtual IP address of the cluster. I want users always connect using the virtual IP address.

    The third problem I have is there is a default group of SSL VPN and I want all users to use this group. In the initial web page, there is a drop down menu which shows that this group, but I still want to disable this menu drop-down.

    Any suggestions?

    To disable the drop-down menu, you can turn it off with the command

    WebVPN

    no activation of tunnel-group-list

    This will take care of your last issue.

    ***************************

    You can create a profile of the Anyconnect client with the name of the server you want to connect with and that make the ASA that will solve your problem of virtual IP.

    **************************

    Regarding Outlook, do you use specific ports which allows inspection of the ASA. Take a look at the list of inspection on the SAA and perhaps try to disable inspection and see if it works.

    *****************************

  • Problem connection ASA 5520 GANYMEDE

    I'm just confused at this point. This is the configuration I have so far for the configuration of Ganymede on ASA 5520. SH run

    ?

    1

    2

    3

    4

    5

    6

    7

    8

    9

    10

    11

    12

    13
    aaa-server TacServer protocol tacacs+aaa-server TacServer (LAN) host 172.19.0.226key *****

    user-identity default-domain LOCALaaa authentication telnet console LOCALaaa authentication http console TacServer LOCAL aaa authentication ssh console TacServer LOCAL aaa authentication enable console TacServer LOCALaaa authorization command TacServer LOCAL

    route LAN 172.19.0.0 255.255.255.0 172.30.186.1 1

    After that I was done with the Setup, I was able to connect using my username tacacas and the password you + activate password.

    After that, I closed my GANYMEDE server + to try to the local database. It worked for the user name and password but my password enable does not work locally. Got to be something very simple and he had written down, I was connected via the cable from the console and also changed it was completely with the user name and password but still not able to go into enable mode.

    After that failed I returned and turned on on my server TACACAS. When to wait a few minutes and trying to connect via tacacas NO GO. He doesn't like my username and password.

    So now I'm locked out and have to do password recovery because I can not connect using tacacas, and when tacacas is off I can not go in the local mode.

    Very litle documentation cisco out there for this issue... Any thoughts what coukld be the cause? I know that GANYMEDE works very well since he works on 500 + devices, I'm just confused at this point.

    I need to check a few things before recovery of password:

    To activate question, try typing the login: follow-up of your user name and password.

    For Ganymede number:

    1.] error on the section of logging of the server Ganymede while accessing the credentials of Ganymede.

    2.] was there any problems reachbility during this time?

    3.] all services came fine?

    4.] should focus on debugs following:

    debugging Ganymede

    Debug aaa authentication

    I'm not sure if this can be replicated, but yes love to help out if possible.

    Jatin kone

    -Does the rate of useful messages-

  • ASA 5520 to Juniper ss505m vpn

    I'm having a problem with the vpn site to site between a asa 5520 and Juniper ss 505 m. The tunnel rises, but we seem unable to pass traffic through the vpn tunnel.  It appears on the remote side makes a connection to the ftp server on the Local Server, but is never prompt identification of connection information.

    April 19, 2016 13:27:13 SQL-B2B-01: % ASA-4-402116: IPSEC: received a package ESP x.x (SPI = 0xD167A5E8, sequence number = 0xD).

    241.90 (user = X.X.241.90) at X.X.167.230.  Inside the package décapsulés does not match policy negotiated in the SA.  The

    package specifies its destination as its Protocol TCP, its source such as X.X.2.68 and X.X.167.233.  SA specifies its loc

    proxy of Al X.X.167.233/255.255.255.255/tcp/5376 and his remote_proxy as X.X.2.68/255.255.255.255/tcp/5376.

    list of remote ip-group of objects allowed extended West Local Group object

    NAT static Local_Pub Local destination (indoor, outdoor) static source Remote

    Crypto ipsec ikev1 transform-set esp-aes-256 Remote esp-sha-hmac

    West-map 95 crypto card is the Remote address
    card crypto West-map 95 set peer X.X.241.90
    map West-map 95 set transform-set Remote ikev1 crypto
    card crypto West-map 95 defined security-association life seconds 28800

    Juniper-

    "Remote-ftp" X.X.167.233 255.255.255.255

    Gateway proposal P1 preshare "[email protected]/ * /" proposal "pre-g2-aes256-sha-28800.

    P2-proposal "no-pfs-esp-aes256-sha-28800" No. - pfs esp aes256 sha-1 second 28800

    ----------------------

    the top of the policy of "Trust" to "Untrust" "X.X.2.68/32" "Remote-ftp' 'ftp' vpn"Remote-vpn"tunnel log

    put on top of the "Untrust" policy to the "Trust" "Remote-ftp' 'X.X.2.68/32' 'ftp' vpn"SonoraQ-vpn"tunnel sign

    I do not know Juniper, but it seems that it is trying to negotiate the use of only 5376/tcp on the tunnel, when it should be negotiated just Protocol "ip".

  • Upgrade to Cisco ASA 5520 8.2.5 to 9.1.7

    Hello

    I have an upgrade tonight for a customer to upgrade a StandAlone ASA 5520 in version 8.2.5 in 9.1.7. I have the same upgrade week next to the same client for a failover pair.

    I already have this kind of process of 8.2.x upgrade to 9.1.x so I know the entire process, since I have to take a first step 8.2.5 8.4.6 then 9.1.7. In addition this customer has no statement of Nat therefore normally an easy process.

    But today during my routine to prepare for the upgrade (I prefer to make a double or triple check before) I found this bug:

    https://BST.cloudapps.Cisco.com/bugsearch/bug/CSCuh19234;JSESSIONID=0A69...

    This bug is fixed in version 8.4.7, and 8.4.6.99. But it is not recommended by the upgrade process for a 8.2.5 to 8.4.7 jump and I can not find the 8.4.6.99 version.

    I don't want to have any problems during my upgrade with something I can avoid.

    As I said I already have this updated in the past without any problem and with a more complex configuration.

    Has anyone as a return to this process for the last months? Should I do an extra step? (before first 8.2.5 to 8.4.5 8.4.6 or 8.4.7)

    Thank you in advance for your answer.

    There are a few incidents reported for ASA 5520 8.2.5 hit this defect running.

    You can go for an extra for 8.4.x upgrade as you mentioned to avoid default we can't say for sure if you will encounter this situation or not.  8.4.6.99 can be a picture of development so be unavailable unless you want to call TAC and confirm or obtain any other image in 8.4.x train.
    Maybe add another upgrade code can't hurt as that hit the bug.

    Kind regards
    Dinesh Moudgil

    PS Please rate helpful messages.

  • ASA 5520 8.0 (4) port depending on the ACLs vpn works not

    Hi all

    I have a problem with an ASA (5520 8.0 (4)) for lack of working with a port based acl for remote clients. I have a simple acl from a single line to split traffic, if I allowed the tunnel IP works fine, if I lock it up to TCP 3389 rdp will not work. I don't see anything in the logs and debug output, I did have a problem with a similar configuration (5510 8.0 (4) and I'm at a loss to explain it.)

    Everyone knows about this problem before? I have nat exclusions etc and as I said, the tunnel only works if the acl permits all IP traffic between client and server.

    THX in advance

    Split-tunnel list cannot IP, if you want to restrict which ports are are sent via the tunnel vpn for your clients vpn, you need to use VPN filters under Group Policy:

    http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

  • ASA 5520 and MPF

    Hi all. In our company we have recently upgraded our PIX 515 firewall to ASA 5520, and we started to live a thing strange event. On one of the sites we host, I saw a lot of outdated SSM messages popping up and I think that they are the source of the problem when they surf the site (mainly surfing works fine, but sometimes people cannot content etc.).

    I found the Cisco solution for this problem by using the MPF, but one thing confuses me. If I ask a MPF allowing adults MSS on the external interface of the ASA does this political conflict with the comprehensive policy that is on the SAA by default or can they both at the same time?

    Thanks in advance for any help.

    You can have a single policy per interface and another - global, that by default applies to default-inspection-traffic.

    See http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mpc.html for more details.

  • Using Cisco Client to site VPN on a behind a NAT ASA 5520

    I apologize if this has been asked and we answered in the forums.  I looked, and while I found a large number of entries that were dancing all around this question, I never found nothing which addressed this specific issue.   We currently use an ASA 5520 as the head end of a relatively large customer to site IPSEC VPN (approximately 240 users, not consecutively).   This ASA is currently sitting behind a Checkpoint firewall with a real publicly addressable IP address on its public interface.  All of our customers use the legacy Cisco VPN (not the one anyconnect) client.  We plan to a few controllers F5 link set up between ISPS and firewalls.   For VPN connectivity F5 recommends that we NAT IP address (called a broad IP) to point back to a private IP address on the ASA and F5.  My question is, will this work?   I've always heard say that the head of line needed to have a public IP address on this subject because this is what will be placed in packages for the client to respond to.

    For further information, here's what we have now and what we are invited to attend.

    Current

    ISP - router - firewall-fire - ASA (public IP address as endpoint)

    Proposed

    ISP - router - F5 (public IP address as endpoint using a NAT to ASA) - Firewall - ASA (10.X.X.X as its external interface)

    Proposed alternative

    ISP - router - F5 (public IP address as endpoint using a NAT to ASA) - ASA (10.X.X.X as its external interface)

    All thoughts at this moment would be greatly appreciated.   Thank you!

    Hello

    If there is a static NAT one by one on F5 to the external interface of the ASA, then I don't think they would be any problems.
    Because when the client will attempt to connect to IKE to the translated public IP, F5 will redirect the request to ASA outside interface that is configured for the VPN.

    In addition, to ensure the udp500, 4500 and esp is allowed and then you should be good to go.

    HTH

    Concerning
    Mohit

  • Multiple DMZ on ASA 5520 connection to a Catalyst 3550

    I have ASA 5520 with 4 ports, I have 8 networks from the DMZ. As anyone configure an ASA 5520 for use with VLANS or sous-interfaces? How are you?

    I plan to use interfaces on the DMZ interface and assign a vlan to each interface of void. Should I configure dot1q trunking on the interface of the DMZ. If this isn't the case, I'll have to set it up on the switchport to my DMZ switch? or does each subinterface * Just Thinking out loud *.

    Thank you

    Hi there on the physical interface first you won't have any config except for nonstop and up.then interface create secondary interfaces on the same interface as int I0.1. set the security level and assign them to one vlan and IP to make them.after which connect a switchport port and configure the port a port trucnking cause all traffic vlan of the asa will elapse of this port.on the button to connect your servers and assign the port to their VLAN respective and configure gateways thie as the ip address of the vlan configured on the asa. That's all. Incase you need more information. write again. If I solved it your problem then pls note the post.

    Assane

  • Routing with Cisco ASA 5520 VPN

    I have installed IPsec vpn remote users in the Cisco ASA 5520 using RADIUS in my main network. Works very well. I have a site to my Cisco ASA5520 tunnels going to other sites, some of the tunnels have Cisco ASA and some have SonicWalls. I wish that my users VPN remote IPSec to be able to navigate in these tunnels is a site to access remote subnets attached to these tunnels. Do I need to use a combination of routing and the ACL? Or can I just use ACL only? Or just use routing only?

    Thank you

    Carlos

    Hello

    The key to set up here is the two ACL of VPN L2L end points that determine the 'interesting' traffic to connect VPN L2L. You will also need to confirm that the connection of the VPN Client is configured so that traffic to the remote sites have sent to the connection of the VPN client. There are also other things that you should check on your ASA plant

    Here most of the things you usually have to confirm

    • Set up 'permit same-security-traffic intra-interface' if it is already present in your configuration

      • This setting will allow connections to form between the hosts that are connected to the same interface on the ASA. In this case, applies because the VPN client users are connected to the interface 'outside' of the ASA and also remote sites are connected to the ASA to "external". If the traffic between the remote VPN Client and VPN L2L sites will be to enter and exit the same interface
    • You will need to check how the customer if configured VPN connection. Split or full Tunnel tunnel
      • If the connection of the VPN Client is configured as Split Tunnel then you need to add all the networks from the remote to the Split Tunnel, so that the connections between the VPN Client is transmitted to the ASA and from there connections VPN L2L
      • If the connection of the VPN Client is configured as full Tunnel, then there no problem that all traffic is transferred to the Client VPN connection all its assets
    • Define the VPN pool in the ACL of VPN L2L
      • You should make sure that the pool network VPN Client is defined in the ACL that define 'interesting' traffic to connect VPN L2L. So, you need to add the pool VPN VPN L2L configurations on the sites of Central America and remote control
    • Configure NAT0 / NAT exempt for remote VPN Client to L2L VPN Site traffic at both ends of the VPN L2L
      • You must ensure that the NAT0 / exempt NAT rules exist for the VPN Client for Remote Site traffic. This will have to be configured on the SAA "outside" interface. Format of configuration varies naturally a bit on the ASA Central his software level.

    These should be the most common things to set up and confirm for traffic to flow between the VPN Client and Remote Sites

    Hope this helps please rate if yes or ask more if necessary.

    -Jouni

  • Default gateway of ASA 5520 8.4 (3) tunnel and different subnets

    Hello

    I fight on a problem for more than 2 weeks despite various searches.

    We have a Cisco router, then a 8.4 (3) ASA 5520.

    The ASA's private interface is connected to a switch and now connected to an interface of the router.

    The private interface is as follows: 129.88.63.253 255.255.248.0 (/ 21) =>

    It's in the 129.88.56.0/21 subnet

    Here is the part of the router configuration, that we are interested in:

    !

    interface Vlan32

    address IP 129.88.63.254 255.255.248.0 (it's the tunnel default gateway configured on the SAA - 129.88.56.0/21 subnet)

    IP 129.88.71.254 255.255.255.0 secondary

    IP 129.88.75.254 255.255.252.0 secondary

    IP access-group CVPN-since - 129.88.56 in

    IP access-group CVPN-to - out 129.88.56

    Check IP unicast accessible source - via rx allow - by default

    no ip redirection

    MLS-rp ip

    !

    On the SAA, there is a default route for traffic in tunnel mode:

    private road 0.0.0.0 0.0.0.0 129.88.63.254 in tunnel

    As you can see, it is on the same subnet as the main Vlan32 of interface IP address on the router.

    The scenario is as follows:

    -We can connect to the VPN with the appropriate alias (LDAP connection), then we get an IP address in the range (this is a local pool ASA)

    -the pool is: 129.88.71.0/24

    - but, once we are connected, we cannot do anything, because it looks like we have no access to the network

    My thoughts:

    For the moment, we give (for the alias/connection profile above based on the LDAP authentication)

    an IP address from a local pool of ASA (129.88.71.1 to 129.88.71.253). But this IP address is not on the same subnet as the

    tunnel default gateway (129.88.63.254).

    For example, if we give an IP address in the subnet 129.88.56.0/21 everything works perfectly.

    However, this IP address is still on the same subnet as one of the secondary IP address of the Vlan32 interface on the router:

    IP 129.88.71.254 255.255.255.0 secondary

    The strange problem is that this configuration has worked for a few days until we reboot the ASA, and now it's over.

    Currently, the configuration on the SAA is the same before the reboot.

    You have any ideas to make this type of configuration really works (multiple subnets but default gateway a single tunnel, which is the only way)

    'access' resources on the network)?

    Given the following...

    -We can only set one and only one tunnel gateway

    -We are unable to extend the 129.88.63.254 ' 255.255.248.0 "subnet

    -the problem is not the ACL (tested with and without and they are OK, they let the traffic of the pools above)

    Thank you!

    Here's an idea. If the secondary IP address is configured on the router just to be on the same subnet as the clients, it is not necessary. It is best to simply set a route in the score of the router

    129.88.71.0/24 to the private firewall interface (route ip 129.88.71.0 255.255.255.0 129.88.63.253). It's basically the difference between data is sent right to the firewall (good) versus the firewall with proxy-arp answer an arp broadcast (not as good).

    May or may not solve the problem, but it's a cleaner configuration.

  • ASA 5520 VPN licenses

    Community support,

    I want to run this question by you guys to avoid the sales of our partner CISCO and similar pitch more to the best solution that would give us what we want.

    We currently have a VPN from CISCO 3020 hub to terminate the Lan-to-Lan tunnels and have our mobile workers to connect through the client VPN CISCO (300 users-employees and contractors).

    Given that this device is coming to an end of LIFE this year, we bought a CISCO 5520 (here is the current licenses in this topic)

    Licensing seems quite complicated, so here's my question:

    -What VPN do you recommend for our users and entrepreneurs? I understand that the CISCO VPN client does not work with ASA 5500 Series devices

    Is there a license needed to deploy a VPN solution for our remote users(employees/contractors)?

    Thank you

    John

    The devices allowed for this platform:
    The maximum physical Interfaces: unlimited perpetual
    VLAN maximum: 150 perpetual
    Guests of the Interior: perpetual unlimited
    Failover: Active/active perpetual
    VPN - A: enabled perpetual
    VPN-3DES-AES: activated perpetual
    Security contexts: 2 perpetual
    GTP/GPRS: Disabled perpetual
    AnyConnect Premium peers: 2 perpetual
    AnyConnect Essentials: Disabled perpetual
    Counterparts in other VPNS: 750 perpetual
    Total VPN counterparts: 750 perpetual
    Shared license: disabled perpetual
    AnyConnect for Mobile: disabled perpetual
    AnyConnect Cisco VPN phone: disabled perpetual
    Assessment of Advanced endpoint: disabled perpetual
    Proxy UC phone sessions: 2 perpetual
    Proxy total UC sessions: 2 perpetual
    Botnet traffic filter: disabled perpetual
    Intercompany Media Engine: Disabled perpetual

    This platform includes an ASA 5520 VPN Plus license.

    Your understanding that the Cisco VPN client does not work with ASA is wrong. Maybe it's the version of Cisco VPN client that you use currently does not work with ASA. But these (and so not very new indeed) versions of VPN client work with the ASA. I installed for several clients who use the traditional IPSec VPN client with ASA ASAs and they work well.

    You are right that the granting of licenses for the SAA is complicated. Your tunnels IPSec VPN site-to-site will work on the SAA and pose much challenge in terms of licenses. But there are problems and alternative solutions to consider for remote access VPN clients. At this point, there are two major variants: you can use the classic IPSec VPN client or you can use the new AnyConnect client. From a licensing perspective there is a Hugh difference between them. It is not special license that applies to the traditional IPSec client and they are just against your license for peers Total VPN (for which you have 750 in your license). For the AnyConect there is a condition of licence. There is a premium for AnyConnect license and there are licensed AnyConnect Essentials. The Essentials license price is much lower than the premium license, but Essentials does not all the features that made the premium.

    In the immediate future, that it would sound like an easy question to answer, use the traditional IPSec VPN client for which theere is not a special permit and it is what you are used to. However Cisco has announced the dates of end of sale and end of Support for the traditional VPN client. If at some point you will need to use the AnyConnect client. I would say that if you make the change of the ASA that it might be a good choice to also adopt the AnyConnect client.

    HTH

    Rick

  • Cisco Anyconnect VPN and IPSEC coexist on ASA 5520?

    Can a Cisco ASA 5520 which has been configured as IPSEC VPN gateway and also be configured as a gateway ANYCONNECT VPN and vpn IPSEC service anyconnect vpn clients clients maintenance at the same time? Any negative impact on the performance or any other problem that everyone knows?

    I guess that by 2 connection limit, you are referring to the 2 licenses for anyconnect?  You should consider using the anyconnect essentials license, which is relatively cheap (100-200 dollars I think) and will take you to the edge of the platform with anyocnnect.

    You shouldn't have any problem using IPSEC with LDAP client.  It is quite common - my company is IPSEC as Anyconnect off the coast of the same interface using authentication ldap (even same-group policy) for the two.

    -Jason

  • ASA 5520 - VPN users have no internet.

    Hello

    We just migrated a Pix 515 and an ASA 5520 VPN concentrator.  The firewall part works fine, but we have some problem with our remote VPN.

    Everything inside network is accessible when you use VPN remote but there is no access to our perimeter network or the internet.  I don't know there's only something simple you need that I'm missing, and hoping someone can shed some light on what is needed to allow the VPN tunnel back outdoors and in our DMZ.

    The ASA is running 8.2 (2) 9 and ASDM 6.2 (1).

    See you soon,.

    Rob

    From the 172.16.68.0/24 you can PING 10.10.10.1 correct?

    The 10.10.10.0/24 you can PING 172.16.68.1 correct?

    I'm having a hard time find now how this tunnel is up since you have PFS
    activated on the SAA, but not on the PIX.

    Federico.

Maybe you are looking for

  • My automatic updates are scheduled to start, but when I log in it still reads updated Automatic are turned off!

    Although security watch automatic updates are enabled, when you connect Windows Security Center always shows the automatic updates turned off and indicates "your computer is vulnerable to the viriuses and other threats of secutify.»  Activate the aut

  • 0xc00000e9 error "an unexpected i/o error has occurred."

    UNLIKE ANYTHING I'VE SEEN IN THIS FORUM!  Help! Hi all!  I am working on a Toshiba Windows Vista 64 - bit laptop and I'm having an experience somewhat similar, as some people have had here as well.  The computer never starts past the Toshiba screen o

  • Shortcut to 4 k?

    Hi, just back from repair phone and it has Marshmallow on it now.Before you have a widget for applications of camera allowing quick access to 4 k video (resolution only my family films now). The widget seems to lack of Marshmallow, anyone know how to

  • Problem connecting to the Buffalo TeraStation with Windows 7 Pro

    Our network has a server running Win2K AD files.  We have added a Buffalo TeraStation TS - X 2. BTA/R5 for more than a year to complete our storage.  Since that time, we had computers, Windows 2000, Windows XP Pro and Windows Vista Pro, and trendy Ho

  • I get an error when I try to save my CSJ

    C:\Program Files (x 86) \Research in Motion\BlackBerry 10 SDK WebWorks 1.0.4.11\dependencies\tools\bin > blackberry - sign - to register - xxxxxxx csjpin - storepass C:\keys\client-RDK-2099854.csj C:\keys\client-PBDT-2099854.csj xxxxxxEnter the passw