SSL VPN using ASA 5520 cluster mode - several problems

I configured 2 ASA 5520s in load-balancing cluster mode. I connect using AnyConnect, download the client the first time, and everything works well except Outlook. I don't know why Outlook does not work.

The second problem is that after the AnyConnect client is installed on a machine, it remembers which ASA (say ASA2) it first connected to, and the GUI shows the IP address of ASA2 instead of the virtual IP address of the cluster. I want users to always connect using the virtual IP address.

The third problem I have is that there is a default SSL VPN group and I want all users to use this group. The initial web page has a drop-down menu that shows this group, but I still want to disable this drop-down menu.

Any suggestions?

To disable the drop-down menu, you can turn it off with the command

webvpn
 no tunnel-group-list enable

This will take care of your last issue.

***************************

You can create an AnyConnect client profile with the name of the server you want to connect to and have the ASA push it; that will solve your virtual IP problem.

**************************

Regarding Outlook, do you use specific ports that the ASA inspects? Take a look at the inspection list on the ASA, and perhaps try disabling the inspection to see if it works.

*****************************
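The three answers above, put together as one ASA configuration. This is an added example, not the poster's or Cisco's own configuration: it assumes ASA 8.4-style `anyconnect` syntax, interfaces named outside/inside, a cluster virtual IP of 203.0.113.10, and a profile file name; all of these are constructed for the example.

```cisco
! --- Added example: ASA 8.4-style configuration assembled from the answers above.
! --- Interface names, the virtual IP 203.0.113.10, and file names are constructed.

! 1. Load-balancing cluster: every member advertises the same virtual IP.
!    With redirect-fqdn the master hands the client a member FQDN rather
!    than a raw address, so each member's certificate must carry its own FQDN.
vpn load-balancing
 interface lbpublic outside
 interface lbprivate inside
 cluster ip address 203.0.113.10
 cluster key <shared-cluster-key>
 cluster encryption
 redirect-fqdn enable
 participate

! 2. An AnyConnect client profile whose ServerList HostAddress is the cluster
!    FQDN/VIP (the XML lives in disk0:/cluster-profile.xml) is pushed to every
!    client, so the client's server list shows the cluster name instead of
!    whichever member it happened to land on.
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win.pkg 1
 anyconnect profiles cluster-profile disk0:/cluster-profile.xml
 anyconnect enable
! 3. No tunnel-group drop-down: everyone lands in DefaultWEBVPNGroup.
 no tunnel-group-list enable

group-policy DfltGrpPolicy attributes
 webvpn
  anyconnect profiles value cluster-profile type user

tunnel-group DefaultWEBVPNGroup general-attributes
 default-group-policy DfltGrpPolicy

! Outlook: list the inspections the global policy applies before disabling
! any single one of them, and re-enable it if the problem was elsewhere.
show service-policy
show running-config policy-map
```

Apply the `vpn load-balancing` and `webvpn` sections identically on both members; only the member-specific interface addresses differ.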

Tags: Cisco Security

Similar Questions

• Is PPTP VPN supported on the Cisco ASA 5520 firewall?

    Hi all

I'm Md.kamruzzaman. My company bought a Cisco ASA 5520 firewall and I want to configure PPTP VPN on the ASA 5520 firewall. Is it possible to configure PPTP VPN on the ASA firewall? If possible, can you please tell me the procedure to configure PPTP VPN?

    Best regards

    MD.kamruzzaman

Sorry, but the Cisco ASA firewall does not support PPTP VPN termination.

You may terminate IPsec and SSL VPN, but not PPTP.

If you are new to the ASA, the best way to configure the supported VPN types is via the VPN Wizard integrated into the ASDM management application.

• IP phone SSL VPN via ASA

I'm in the middle of configuring IP Phone SSL VPN via ASA and am stuck on authentication... When I enter the username and password on the phone screen, I get the message "username and password failed" on the screen. However, in the ASA logs, I see the following lines:

Feb 16 2011 15:12:57 725002 85.132.43.67 52684 Device completed SSL handshake with client vpn:85.132.*.*/52684

Feb 16 2011 15:17:26 725007 85.132.43.67 52745 SSL session with client vpn:85.132.*.*/52745 terminated.

What does it mean? How can I turn on debugging to see what is happening?

    Thank you in advance!

    Hello

If you do not use certificates for client authentication, the SSL handshake completes before the user is prompted to authenticate with username and password. If that authentication request fails, you will see the SSL session terminated immediately after the failure (as in the logs you provided). Note the 5 seconds between the SSL session establishment and the termination; most likely that is when the user is being authenticated against the AAA server. If the phone is failing authentication against an external AAA server, you'll want to investigate the logs on that server to determine the cause of the failure. The ASA can also confirm the authentication request/reject with the command 'show aaa-server'. If you want to see what happens at the authentication protocol level, you can enable various debugs, including 'debug aaa authentication | common | internal' and protocol-specific debugs such as 'debug radius user | session | all' or 'debug ldap'.

Did this answer your question? If so, please mark it as answered!
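A short verification sequence for the answer above, added here and not part of the thread: it confirms whether the phone's failure is an AAA decision before any debug is turned on. The server tag ACS_RADIUS, the host 192.0.2.10 and the test account are constructed; the commands themselves are standard ASA CLI.

```cisco
! --- Added example (not from the thread): check the AAA path the phone uses.
! --- Server tag, host address and the test account are constructed.

! Is the RADIUS server reachable and marked ACTIVE?
show aaa-server ACS_RADIUS host 192.0.2.10

! Send a test request with the same credentials the phone types; the ASA
! prints ACCEPT or REJECT together with the attributes the server returned.
test aaa-server authentication ACS_RADIUS host 192.0.2.10 username phoneuser password <phone-password>

! Syslog 113004 (AAA user authentication Successful) and 113005 (Rejected)
! separate an AAA decision from an SSL-level problem.
show logging | include 11300

! Protocol-level detail, only while reproducing the failure; debugs are
! noisy on a busy box, so turn them off afterwards.
debug aaa authentication
debug radius user phoneuser
undebug all
```

If `test aaa-server` is rejected while the same account works elsewhere, the cause is on the server side (wrong shared secret, the ASA not defined as a client, or the user's group not allowed), which is exactly where the answer says to look.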

  • Customization of SSL VPN Cisco ASA version 8

Is there a way to customize the appearance of the SSL VPN beyond the ASA customization features, to change the total look of the portal page the way we like it and not the Cisco default settings? For example, the RDP plugin always displays the help text on the right side, and we would like to show different text in this area. We were able to change it but could not import it into that area of the ASA.

Importing SSL VPN customization into the ASA is not possible. It is also not possible to change the appearance of the portal page.

• New to SSL VPN: mapping ACS groups to ASA groups

    Greetings,

    I am new to ASA, so any help is greatly appreciated.

I just installed and set up an ASA 5520. I set up an SSL VPN. What I'm trying to achieve is to configure different group profiles so that different users can access various resources when they access the VPN.

    Current config-

    ASA 5520 v8.3

    ACS 4.0

Windows 2003 domain

I have set up different profiles in the ASA (i.e. Business Dept.). When I choose one in the drop-down menu, it lets me log in and displays the options I've chosen for this group. The problem is that I can log in to this group with any account. Basically, all Windows domain users are in the default group. I guess the default group is being processed and is what hosts the user logon.

Can anyone provide a good article or tips on how to configure the ASA and the ACS for several groups of users? We have several departments that will each have to get their own parameters when they connect. The ACS groups are mapped to the Windows groups that correspond to each department.

    Any help is greatly appreciated.

    Thank you

    Tim

    Hello

I think that you need to enable group lock.

In order to configure group lock, send the group-policy name in class attribute 25 on the RADIUS (Remote Authentication Dial-In User Service) server and choose the group to lock the user into in the policy. For example, to lock the Cisco user 123 into the RemoteGroup group, define the IETF (Internet Engineering Task Force) class attribute 25 as OU=RemotePolicy; for this user on the RADIUS server.
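The ASA side of the group lock described above, as an added example that is not the poster's configuration. The RADIUS Class attribute value OU=RemotePolicy; and the names RemotePolicy/RemoteGroup are taken from the answer; the server address, the shared secret, the NoAccess fallback policy and the alias are assumptions made for the example. Syntax is ASA 8.3/8.4.

```cisco
! --- Added example (not the poster's configuration): RADIUS group lock on the ASA.
! --- Server address and key are constructed; OU=RemotePolicy; comes from the answer.
aaa-server ACS_RADIUS protocol radius
aaa-server ACS_RADIUS (inside) host 192.0.2.10
 key <radius-shared-secret>

! The group-policy named by the RADIUS Class attribute (OU=RemotePolicy;)
! is locked to one tunnel-group. A user whose Class says RemotePolicy but
! who picked a different entry in the drop-down is rejected instead of
! silently landing in the default group.
group-policy RemotePolicy internal
group-policy RemotePolicy attributes
 vpn-tunnel-protocol ssl-client
 group-lock value RemoteGroup

! Fallback for accounts the ACS returns no Class for: zero simultaneous
! logins, so only users with an explicit department mapping get in.
group-policy NoAccess internal
group-policy NoAccess attributes
 vpn-simultaneous-logins 0

tunnel-group RemoteGroup type remote-access
tunnel-group RemoteGroup general-attributes
 authentication-server-group ACS_RADIUS
 default-group-policy NoAccess
tunnel-group RemoteGroup webvpn-attributes
 group-alias Business enable

! Repeat per department: one group-policy with its own group-lock per
! tunnel-group, and the ACS group mapped from the matching Windows group
! returns the corresponding Class attribute.

! Verify which group-policy a live session actually received:
show vpn-sessiondb anyconnect
```

On the ACS 4.0 side, set IETF attribute [025] Class to OU=RemotePolicy; (semicolon included) on the group that is mapped from the department's Windows group; the ASA matches that string against its group-policy names.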

• IPsec VPN to ASA 5520

    Hello

First I must admit that I am not very versed in Cisco equipment or in IPsec connections in general, so my apologies if I'm doing something really obviously stupid, but I have checked through every kind of thing I could find on the internet about IPsec VPN configuration.

The setup I have is an ASA 5520 (OS 8.2) firewall which, for now, is connected to a temporary home-broadband-style connection for testing purposes. The Netopia router is configured to allow IPsec passthrough and forward UDP 62515, TCP 10000, UDP 4500 and UDP 500 to the ASA 5520.

I'm trying to connect from a laptop with the Windows firewall disabled and Cisco VPN client version 5.0.02.0090.

I ran several attempts through the IPsec configuration wizard options. Most of the time nothing appears in the log to show that a connection was attempted, but there is one way I can set up the options that produces the following in the firewall log:

4 | Sep 24 2010 | 13:54:29 | 713903 | Group = VPNtest9, IP = 86.44.x.x, Error: Unable to remove PeerTblEntry
5 | Sep 24 2010 | 13:54:29 | 713902 | Group = VPNtest9, IP = 86.44.x.x, Removing peer from peer table failed, no match!
6 | Sep 24 2010 | 13:54:21 | 713905 | Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM
3 | Sep 24 2010 | 13:54:21 | 713201 | Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
6 | Sep 24 2010 | 13:54:16 | 713905 | Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM
3 | Sep 24 2010 | 13:54:16 | 713201 | Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
6 | Sep 24 2010 | 13:54:11 | 713905 | Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM
3 | Sep 24 2010 | 13:54:11 | 713201 | Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
3 | Sep 24 2010 | 13:54:06 | 713257 | Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
6 | Sep 24 2010 | 13:54:06 | 302015 | 86.44.x.x | 51905 | 192.168.0.27 | 500 | Built inbound UDP connection 7487 for Internet:86.44.x.x/51905 (86.44.x.x/51905) to identity:192.168.0.27/500 (192.168.0.27/500)

and this, in the client log:

Cisco Systems VPN Client Version 5.0.02.0090
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3

24     13:54:08.250  24/09/10  Sev=Info/4  CM/0x63100002
Begin connection process

25     13:54:08.265  24/09/10  Sev=Info/4  CM/0x63100004
Establish secure connection

26     13:54:08.265  24/09/10  Sev=Info/4  CM/0x63100024
Attempt connection with server "213.94.x.x"

27     13:54:08.437  24/09/10  Sev=Info/6  IKE/0x6300003B
Attempting to establish a connection with 213.94.x.x.

28     13:54:08.437  24/09/10  Sev=Info/4  IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 213.94.x.x

29     13:54:08.484  24/09/10  Sev=Info/4  IPSEC/0x63700008
IPSec driver successfully started

30     13:54:08.484  24/09/10  Sev=Info/4  IPSEC/0x63700014
Delete all keys

31     13:54:13.484  24/09/10  Sev=Info/4  IKE/0x63000021
Retransmitting last packet!

32     13:54:13.484  24/09/10  Sev=Info/4  IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x

33     13:54:18.484  24/09/10  Sev=Info/4  IKE/0x63000021
Retransmitting last packet!

34     13:54:18.484  24/09/10  Sev=Info/4  IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x

35     13:54:23.484  24/09/10  Sev=Info/4  IKE/0x63000021
Retransmitting last packet!

36     13:54:23.484  24/09/10  Sev=Info/4  IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x

37     13:54:28.484  24/09/10  Sev=Info/4  IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=36C50ACCE984B0B0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

38     13:54:28.984  24/09/10  Sev=Info/4  IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=36C50ACCE984B0B0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

39     13:54:28.984  24/09/10  Sev=Info/4  CM/0x63100014
Unable to establish Phase 1 SA with server "213.94.x.x" because of "DEL_REASON_PEER_NOT_RESPONDING"

40     13:54:28.984  24/09/10  Sev=Info/5  CM/0x63100025
Initializing CVPNDrv

41     13:54:28.984  24/09/10  Sev=Info/6  CM/0x63100046
Set tunnel established flag in registry to 0.

42     13:54:28.984  24/09/10  Sev=Info/4  IKE/0x63000001
IKE received signal to terminate VPN connection

43     13:54:29.187  24/09/10  Sev=Info/4  IPSEC/0x63700014
Delete all keys

44     13:54:29.187  24/09/10  Sev=Info/4  IPSEC/0x63700014
Delete all keys

45     13:54:29.187  24/09/10  Sev=Info/4  IPSEC/0x63700014
Delete all keys

46     13:54:29.187  24/09/10  Sev=Info/4  IPSEC/0x6370000A
IPSec driver successfully stopped

I have full HTTP connectivity from the internet to a machine inside the ASA 5520, so I think the static routing and NATing should be OK, but I am happy to provide any further details.

    Can you see what I'm doing wrong?

    Thank you

    Sam

Please add the following policy:

crypto isakmp policy 10
 authentication pre-share
 encryption [algorithm garbled in the source text; not recoverable]
 hash md5
 group 2

You can also run debugs on the ASA:

debug cry isa
debug cry ipsec

and retrieve the debug output after trying to connect.
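The ASA log above says it all: "Rcv'd: Group 2 Cfg'd: Group 1", i.e. the client proposes DH group 2 and no ISAKMP policy on the box offers it, so aggressive mode never gets a reply and the client times out with DEL_REASON_PEER_NOT_RESPONDING. Here is an added example of a complete remote-access IPsec configuration that offers group 2, in the ASA 8.2 syntax the poster is running; it is not the poster's configuration, and the pool, pre-shared key, map and interface names are assumptions. The answer shows md5; sha is used here for the Phase 1 hash, which this client also accepts. 3DES with pre-shared-key aggressive mode is what the 5.x client supports and is weak by current standards, which is worth knowing when the test box later becomes production.

```cisco
! --- Added example (not the poster's configuration), ASA 8.2 syntax.
! --- Pool, key, map and interface names are constructed.

crypto isakmp enable outside
! The ASA sits behind the Netopia NAT; UDP 4500 is forwarded, so keep NAT-T on.
crypto isakmp nat-traversal 20

crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
! group 2 is what the client proposed (Rcv'd: Group 2); the old policy
! offered only group 1 (Cfg'd: Group 1), hence the Phase 1 failure.
 group 2
 lifetime 86400

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map DYN_MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN_MAP
crypto map OUTSIDE_MAP interface outside

ip local pool VPN_POOL 192.168.50.1-192.168.50.50 mask 255.255.255.0

tunnel-group VPNtest9 type remote-access
tunnel-group VPNtest9 general-attributes
 address-pool VPN_POOL
tunnel-group VPNtest9 ipsec-attributes
 pre-shared-key <group-key>

! Confirm the policies the ASA will offer, then watch Phase 1 while the
! client retries; a matching proposal shows up as "ISAKMP SA proposal is acceptable".
show run crypto isakmp
debug crypto isakmp 7
undebug all
```

The ISAKMP policy number is only a preference order; if several policies exist, the ASA walks them until one matches the client's proposal, so adding a group 2 policy does not require removing the group 1 one.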

  • SSL VPN on ASA-

    Everyone,

I had set up an SSL VPN on a router and am now migrating to an ASA firewall; I was looking for a doc that describes the setup using ASDM or the CLI.

    Thanks for your help.

    Sheldon.

These should help.

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808efbd2.shtml

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080975e83.shtml

• SSL VPN using Base Group instead of configured group

    I have a VPN 3000 configured for IPsec using ACS to authenticate users. I tried to add SSL VPN. I can authenticate and install the SSL client, but I can't access anything at all. The log on the 3000 says I am connected via the Base Group. How can I get SSL to work via the group I configured and not the Base Group?

    You should be able to achieve this with your RADIUS server. You must set class attribute 25 as an organizational unit (OU) name equal to the name of the particular group you want to connect to on the concentrator.

    For example, suppose you want a user SVC_User to connect to a group called SSL_VPN. In the RADIUS user configuration, you would set (under attribute 25):

    OU=SSL_VPN;

    (... Do not omit the semicolon.)

  • SSL VPN using MS CA

I am working on an AnyConnect SSL VPN deployment and am seeking to secure the connection with a certificate that is NOT provided by the internal CA of the ASA or by a 3rd party. What I would like is for our domain CA (MS) to issue the certificate; this way, all users' laptops that connect to the VPN will accept the certificate without prompting.

Is there any type of document from Cisco that describes this case? I looked at the Cisco configuration documents that show:

- installing 3rd-party SSL VPN vendor certs manually (i.e. VeriSign)

- obtaining digital certificates for the ASA from an MS CA (it only issues IPsec certificates for users; the ASA throws an error on the EKU, which does not specify the server authentication role)

- renewing/installing the SSL certificate with ASDM (applies only to self-signed certificates)

- reviewing the AnyConnect Administrator's guide

I found two similar posts in the community, but there is no answer from anyone on whether or not this is possible.

    https://supportforums.Cisco.com/message/259286#259286

    https://supportforums.Cisco.com/message/1324901#1324901

I would be grateful for any feedback. I may end up copying the ASA self-signed certificate onto all VPN users' laptops :S

    Greg

You treat the SSL VPN as a web server... Create a 3rd-party signing request, load it onto your MS CA and select the Web Server template... You will need the CA cert as well as the identity cert. You load the CA cert first, then the identity cert.

    You then attach the cert to an interface.

I did it on my internal interface so that the customization pages would stop sending me errors in my browser... I went with a public 3rd-party cert for the external interface, given that I expect non-domain machines to connect, and telling users how to install certificates is a pain.

  • CME SSL VPN with ASA

    Hi all

We are working on a new deployment of CME 9.1 for a small office. As part of this deployment, our plan was to have several remote phones connect via SSL VPN to an ASA on our network border, allowing them to communicate with the CME router. We bought the appropriate VPN licenses for the ASA and the phone licenses for the remote phones.

I'm following the instructions in this document: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configura...

However, the snag I'm having is that when I try to enter the settings for vpn-group (page 19 of the PDF), the command is not available on my router: unrecognized command. I fear this could mean that I'm missing a license/feature set on my CME router; is that correct? We bought a C2921CME-SRSTK9 router, but I may need the SEC/K9 license? If so, can someone tell me the part number or SKU I would need to buy?

Also, is there any way I could get around adding this to the router config, perhaps by changing the phone XML configuration directly?

    Thanks in advance!

That is correct, you will need the security license. The SKU is: L-SL-29-SEC-K9=

    http://www.Cisco.com/c/en/us/products/collateral/routers/1900-series-int...

• Using a 2901 router for SSL VPN

    Hello world!

I was wondering if someone could give me a hand with this. I'm trying to use a Cisco 2901 to allow remote workers to access resources on the local network using the Cisco AnyConnect Secure Mobility Client. I just read this doc

    http://www.Cisco.com/c/en/us/support/docs/routers/3800-series-integrated...

But it seems it does not support the 2901 platform. I quote:

WebVPN or SSL VPN technology relies on these IOS router platforms:

• 870, 1811, 1841, 2801, 2811, 2821, 2851

• 3725, 3745, 3825, 3845, 7200 and 7301

Is that just because this topic is old?

Before I spend money on the wrong license, I decided to give it a go (following the article above). So, when I went to

'Configure > Security > VPN > SSL VPN > SSL VPN Manager', CCP says I need a license (securityk9). I then followed the 'activate license' link and clicked on the 'evaluation licenses' tab. There are two that seem right:

• securityk9 (the one CCP says it needs)
• SSL_VPN (the one that seems reasonable, as AnyConnect uses SSL VPN, right?)

Which is the right license? Can anyone enlighten us please?

Also, is there any resource that explains all the options better, and how to configure AnyConnect on an ISR G2 router using the CLI?

    Thanks in advance

    Alvaro

    Hello Alvaro,

What IOS version are you using?

Beginning in Cisco IOS version 15.0(1)M, the SSL VPN gateway is a seat-counted licensing feature on the Cisco 880, 890, 1900, 2900 and 3900 platforms. A seat refers to the maximum number of simultaneous sessions allowed.

    For more information, go through:

    http://www.Cisco.com/c/en/us/TD/docs/iOS-XML/iOS/sec_conn_sslvpn/CONFIGU...

Please rate useful posts.

  • Microsoft L2TP VPN to ASA 5520

I am trying to configure an L2TP VPN connection from an XP laptop. On the ASA, I use the DefaultRAGroup and the DfltGrpPolicy. I set DefaultRAGroup to use a pre-shared key, and set user authentication to ACS_Radius. Our ACS server is tied to AD. Does anyone know if I can use ACS to authenticate this user type, or do I have to create local accounts on the ASA?

When I try to connect from the laptop, I get error 789. On the ASA, I see this:

Group = DefaultRAGroup, IP = 63.xxx.xxx.xxx, PHASE 1 COMPLETED

Group = DefaultRAGroup, IP = 63.xxx.xxx.xxx, QM FSM error (P2 struct &0xcddc7d28, mess id 0x46986b08)!

Group = DefaultRAGroup, IP = 63.xxx.xxx.xxx, Removing peer from correlator table failed, no match!

Group = DefaultRAGroup, Username = , IP = 63.xxx.xxx.xxx, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

For one thing, it seems that the laptop is not sending the username and password. I've tried a lot of different combinations on the Microsoft side, MS-CHAP and MS-CHAPv2, both of them or each individually, and matched the setting on the ASA. No matter what, I get the same error. Anyone have any ideas?

Yes... I have never trusted the guys for the configuration; I found the following errors:

1. L2TP requires transport mode for the type of IPsec traffic used; your config seems to refer to it, yet it is not defined:

crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-md5-hmac

crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport   <- (needed)

2. The transform set is not attached to the dynamic crypto map, so it is not used:

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

It should look like:

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 TRANS_ESP_3DES_SHA

Finally, just to clear things up, make sure that your ACS_Radius server is indeed enabled for MS-CHAPv2 authentication from the ASA and the L2TP client, otherwise it will always fail.
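The three points of the answer above (a transport-mode transform set, the set actually referenced from the dynamic map, and MS-CHAPv2 on the tunnel-group) as one added ASA configuration; this is not the poster's configuration. It assumes ASA 8.2-style syntax, an existing Phase 1 policy, and an outside interface; the pool, RADIUS server address, shared secret and pre-shared key are constructed. The transform set here uses esp-sha-hmac so that its name and hash agree; the poster's line pairs a SHA name with esp-md5-hmac, which works but is confusing.

```cisco
! --- Added example (not the poster's configuration), ASA 8.2 syntax.
! --- Pool, server address and keys are constructed.

! Windows L2TP/IPsec proposes transport mode; a list that contains only
! tunnel-mode sets answers with "Phase 2 Mismatch", which is the Reason in the
! Session disconnected message above.
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport

! The transport-mode set must be in the dynamic map's list to be offered at all.
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-3DES-SHA TRANS_ESP_3DES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside

ip local pool L2TP_POOL 192.168.60.1-192.168.60.50 mask 255.255.255.0

aaa-server ACS_Radius protocol radius
aaa-server ACS_Radius (inside) host 192.0.2.10
 key <radius-shared-secret>

group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol l2tp-ipsec

tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP_POOL
 authentication-server-group ACS_Radius
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key <l2tp-psk>
! PPP authentication is negotiated after IPsec; offer only MS-CHAPv2 so a
! PAP/CHAP fallback cannot leak the password in a weaker form.
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 no authentication chap
 authentication ms-chap-v2

! Check which sets the dynamic map offers and that the RADIUS server
! answered the MS-CHAPv2 request (the ACS must allow MS-CHAPv2 for this client).
show run crypto dynamic-map
show aaa-server ACS_Radius
```

If the Phase 2 error disappears but the client then fails at the PPP stage, the remaining place to look is the ACS side: the ASA must be defined there as a RADIUS client with MS-CHAPv2 permitted for the AD-backed users.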

• AnyConnect SSL VPN using digital certificates

    people

I have an ASA 5540 (8.4) used to terminate SSL VPN connections.

The device is used as a local certificate authority and issues certificates to remote users; these are then used as part of the authentication process.

I now have a requirement to replace the self-signed certificate and buy a third-party certificate, e.g. VeriSign etc.

Can someone point me to a guide on the procedure for this?

Can I still use the ASA to generate certificates for clients to use as part of the authentication process?

Thanks to anyone taking the time to answer or to read this.

    greatly appreciated

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808b3cff.shtml

is the guide to install a 3rd-party cert.

The local CA process is independent of the certificate the ASA uses to authenticate itself to users; in fact, if you look at the certs given to users, they are issued by the ASA's CA and not signed by the cert used for authentication.

Take care not to remove too many RSA keys ;-)
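An added example for this thread and for the MS CA thread above: enrolling the ASA's SSL identity with an external CA (the domain CA or a public CA) while leaving the on-box local CA untouched. It is not either poster's configuration; the key label, trustpoint name, subject and FQDN are constructed, and the syntax is ASA 8.x.

```cisco
! --- Added example (not from the threads): external CA for the SSL identity,
! --- local CA left intact. Key label, trustpoint, FQDN and subject are constructed.

! A dedicated key pair for the SSL identity. Do NOT run "crypto key zeroize rsa"
! here: without a label it also destroys LOCAL-CA-SERVER, the pair the local CA
! signs user certificates with, which is the warning in the answer above.
crypto key generate rsa label SSLVPN_KEY modulus 2048
show crypto key mypubkey rsa

crypto ca trustpoint EXT_CA
 enrollment terminal
 keypair SSLVPN_KEY
 fqdn vpn.example.com
 subject-name CN=vpn.example.com,O=Example Corp

! Step 1: paste the issuing CA's Base-64 certificate (the "CA cert first").
crypto ca authenticate EXT_CA
! Step 2: the ASA prints a PKCS#10 request; submit it to the CA. On an MS CA
!         use the Web Server template, which carries the serverAuth EKU that
!         the AnyConnect client checks (the IPsec-only template does not).
crypto ca enroll EXT_CA
! Step 3: paste the issued identity certificate.
crypto ca import EXT_CA certificate

! Bind the new identity to the interface that terminates SSL VPN.
ssl trust-point EXT_CA outside
show crypto ca certificates
show ssl
```

The user certificates keep validating against the local CA's own trustpoint (the one `crypto ca server` created), so nothing in the client-authentication path changes when the identity certificate is swapped.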

  • Small network VPN using ASA

I want to set up a small network of 3 branch offices and 1 head office. I wanted the cheapest and best available solution, so I came up with the following references

    For head office

    ASA5510-BUN-K9 ASA 5510 appliance with SW, 5FE, 3DES/AES

    For Branches

    ASA5505-BUN-K9 ASA 5505 appliance with SW, 10 users, 8 ports, 3DES/AES

I will configure site-to-site VPN, which I am sure will work properly with this. The only thing that concerns me is that I may have 2 WAN links on each site, so I will need to set up a backup site-to-site VPN link. If one link fails, the VPN session resumes on the other, and I'm pretty sure this requires IP SLA. Will I get IP SLA support on this ASA 5505?

Apart from that, for now I'll order a 5505 with a 10-user license. If the users at this branch grow to 15, will I be able to upgrade to ASA5505-50-BUN-K9?

    Do I need an extra feature to meet my needs?


ASA5505 will have IP SLA in the base license.

A 10-user license means that:

In routed mode, hosts on the inside (Business and Home VLANs) count toward the limit when they communicate with the outside (Internet VLAN), including when the inside initiates a connection to the outside as well as when the outside initiates a connection to the inside. Note that even when the outside initiates a connection to the inside, the outside hosts are not counted toward the limit; only inside hosts count. Also, hosts that initiate traffic between Business and Home are not counted toward the limit. The interface associated with the default route is considered to be the outside Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted toward the host limit. Use the show local-host command to view the host limits.

For a 10-user license, the maximum number of DHCP clients is 32. For 50 users, the max is 128. For unlimited users, the max is 250, which is the maximum for the other models.

http://www.Cisco.com/en/us/docs/security/ASA/asa84/license/license_management/license.html#wp1491143

So you must license the 50 or unlimited user count option.

    ---

    HTH. Please rate this post if this has been helpful. If it solves your problem, please mark this message as "right answer".

• Split-tunnel remote access VPN on ASA 5520

    Hello

I'm setting up a remote access VPN with split tunnel, but I use an extended ACL to match a host and HTTP as the destination port, and it does not work.

Scenario:

Remote access (10.0.0.122/24)---internet---Cisco ASA (inside: 192.168.10.1/24)---ip = 192.168.10.6 - C6509 - 10.0.0.254/24---host = 10.0.0.31/24

The thing is, when I use the ip service, the connection and ICMP flow work. Does anyone have an idea what the problem is? Thank you

Regards

Split tunneling does not take into account the port information you specify in the ACL; it only cares about the IP address/network you defined.

If you want to restrict access by ports and IP, you must define your split tunneling with only IP addresses and use a vpn-filter ACL in the group policy to restrict to the specific ports that you want:

access-list split_acl standard permit <network> <mask>

access-list filter_acl extended permit tcp <source> <destination> eq <port>

group-policy <policy-name> attributes

 split-tunnel-policy tunnelspecified

 split-tunnel-network-list value split_acl

 vpn-filter value filter_acl

    -heather
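The answer above made concrete with the scenario's own values (inside host 10.0.0.31, port HTTP), as an added ASA configuration that is not part of the thread. The client pool 192.168.100.0/24, the policy and tunnel-group names are assumptions made for the example; the syntax is ASA 8.x.

```cisco
! --- Added example (not the thread's configuration). Inside host 10.0.0.31 and
! --- port HTTP come from the scenario; pool and names are constructed.

! Split tunnel: only addresses decide what enters the tunnel (standard ACL).
access-list split_acl standard permit 10.0.0.0 255.255.255.0

! The port restriction lives in the vpn-filter. vpn-filter ACEs are written
! with the inside resource as the source (port on the source side) and the
! VPN client address as the destination; the ASA applies the filter to both
! directions of the decrypted traffic. Everything not permitted here is
! dropped by the implicit deny at the end of the list.
access-list filter_acl extended permit tcp host 10.0.0.31 eq www 192.168.100.0 255.255.255.0

ip local pool RA_POOL 192.168.100.1-192.168.100.100 mask 255.255.255.0

group-policy RA_POLICY internal
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_acl
 vpn-filter value filter_acl

tunnel-group RA_TG type remote-access
tunnel-group RA_TG general-attributes
 address-pool RA_POOL
 default-group-policy RA_POLICY

! Verify: the session detail should list filter_acl, and the hit counts on
! the filter move while a client browses 10.0.0.31. Anything the client tries
! outside port 80 is dropped and never reaches the C6509.
show vpn-sessiondb detail
show access-list filter_acl
```

Two things worth checking against the scenario: the remote client address shown (10.0.0.122/24) sits in the same /24 as the protected host, so take the pool from a range that does not overlap any inside network; and if you later add ICMP for troubleshooting, it needs its own ACE in filter_acl, written in the same inside-to-client direction.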
