webvpn SSL questions

Hello all, I was hoping someone could lend me a helping hand with configuring my SSL WebVPN. I currently have the client installed and my VPN groups and policies defined and configured, and I can successfully SSL VPN in and the client installs on the first connect; however, I end up with errors like the certificate not being trusted, and I would like to register a trusted cert but don't know how to do it. I'm on 7.2(2) with ASDM 5.2(2). If someone could help guide me in the right direction, it would be much appreciated.

Thank you

Paul

Paul, follow this thread...

http://Forum.Cisco.com/eForum/servlet/NetProf?page=NetProf&Forum=security&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddf7cc1

Rgds

Jorge


Similar Questions

  • ASA WebVPN/SSL Client licenses

    Do the licenses for the SSL client on the ASA require a key to install? We have 5 remote sites using an ASA5510 and requiring a small number of WebVPN connections (some more than others). What I want to know is: can I buy the 100 user license and split the users among the 5 ASAs as required, or do I have to buy five separate licenses?

    You cannot divide a single 100 user license. You get 2 with the base license, and then you can get licenses in increments of 10, 25, 50, 100 and 250 per device, according to Cisco.

  • Difference between webVPN, SSL vpn and ipsec client

    Hello

    We just bought an ASA5510 and I am trying to understand the differences between the VPN options mentioned. Can anyone describe the differences and usage scenarios of all the types of remote access VPN on the ASA?

    Thanks in advance.

    Rgds,

    Rasmus

    Hi Rasmus,

    They use different SSH and IPSEC protocols, and there is also of course a difference in terms of security.

    SSL is easier to deploy than IPsec. Imagine that you have 200+ users: to connect to the VPN, you must give them the pcf file and client software, which is not required in the case of SSL.

    Kind regards

    ~ JG

    Please rate if helpful

  • vpn SSL question

    Hello

    If I change the IP address of the SSL VPN module, do I need to regenerate the cert for the new IP address of the SSL VPN module?

    Rgds

    That depends on whether your cert was registered using the FQDN or the IP address. If the IP address was used then yes, you must regenerate it; if it was via FQDN and the FQDN has not changed, there is no need to.

  • VMware 5.0 U 2 / SSL question - VMware support is stumped

    I am running the following:

    Update versions:

    VMware ESXi 5.0 Express Patch 4 (version 5.0.0 build 804277)
    vCenter Server 5.0 U2 (version 5.0.0 build 913577)
    vCenter Server 5.0 Update 1b (in fact it's vSphere Client version 5.0.0 build 804277)
    RS 5.0.1.2645
    SRA 9.5.0.621 LeftHand
    LeftHand SAN/iQ 9.5.00.1215.0

    For example, we recently moved our CA server from Windows 2003 to 2008. We exported all certificates and re-imported them into a server that has the same name, following best practices according to MSFT. A few days later our hosts in vSphere dropped to a disconnected state with the alert "SSL not verified". It is a known problem in 5.0; however, we are on 5.0 U2, which should be good. We generated new certificates from the certificate authority and imported them. Here is the list of steps, more or less, that we have carried out more than once:

    (1) shut down all virtual machines by connecting directly to the hosts

    (2) enable SSH and put the hosts in maintenance mode

    (3) create a CSR (cert request)

    (4) generate certificates from AD Certificate Services or any enterprise certification authority

    (5) import the new certs to the hosts

    (6) power cycle the hosts (they should return to maintenance mode, not a disconnected state)

    (7) remove the hosts from the cluster in vSphere

    (8) then re-add them to the cluster

    The hosts would be good for an hour or so before falling into a disconnected state. We have cycled through at least 3-4 level 3 technical support engineers. They all seem to be perplexed. Here is the host log that we think best shows what is happening:

    2013-10-25T12:40:29.113-07:00 [09292 info 'Default' opID=HB-host-547@340-90f44497] [VpxLRO] -- BEGIN task-internal-11448 -- host-547 -- vpxdinvthostsynchostlro.synchronize --
    2013-10-25T12:40:29.114-07:00 [09292 info 'Default' opID=HB-host-547@340-90f44497] [VpxdHostSync] Synchronizing host: host-547 (redacted)
    2013-10-25T12:40:29.118-07:00 [09292 info 'Default' opID=HB-host-547@340-90f44497] InvokeOnSoap [ClientAdapterBase] leave
    2013-10-25T12:40:29.120-07:00 [09292 info 'Default' opID=HB-host-547@340-90f44497] InvokeOnSoap [ClientAdapterBase] leave
    2013-10-25T12:40:29.216-07:00 [09600 error 'Default'] SSLStreamImpl::DoClientHandshake (000000000db55850) SSL_connect failed. Dumping SSL error queue:
    2013-10-25T12:40:29.216-07:00 [09600 error 'Default'] [0] error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    2013-10-25T12:40:29.216-07:00 [09600 error 'HttpConnectionPool'] [ConnectComplete] Connect error SSL Exception: The remote host certificate has these problems:
    ->
    -> * unable to get local issuer certificate
    ->
    -> * Host name does not match the subject name(s) in certificate.
    2013-10-25T12:40:29.217-07:00 [10080 info 'Default' opID=task-internal-11449-6cc3b3c7] [VpxLRO] -- BEGIN task-internal-11449 -- host-547 -- hostdisconnectlro.disconnect --
    2013-10-25T12:40:29.218-07:00 [10080 info 'vmomi.soapStub[398]' opID=task-internal-11449-6cc3b3c7] Resetting stub adapter for server TCP:redacted:443 : Closed
    2013-10-25T12:40:29.220-07:00 [09292 error 'Default' opID=HB-host-547@340-90f44497] [VpxdInvtHostSyncHostLRO] Got method fault: vim.fault.SSLVerifyFault
    2013-10-25T12:40:29.220-07:00 [09292 error 'Default' opID=HB-host-547@340-90f44497] Backtrace: backtrace[00] rip 000000018013da0a (no symbol)


    2013-10-25T12:40:29.317-07:00 [10080 info 'Default' opID=task-internal-11449-6cc3b3c7] [VpxdMoHost] Host connection state changed to [DISCONNECTED] for host-547
    2013-10-25T12:40:29.333-07:00 [10080 info 'Default' opID=task-internal-11449-6cc3b3c7] [VpxdInvtHost::SaveFieldsToDb] IPMI redacted info is not defined
    2013-10-25T12:40:29.390-07:00 [10080 info 'Default' opID=task-internal-11449-6cc3b3c7] [VpxdMoHost::SetComputeCompatibilityDirty] Marked host-547 as dirty.
    2013-10-25T12:40:29.390-07:00 [10080 info 'Default' opID=task-internal-11449-6cc3b3c7] [VpxdMoCluster::SetDasCompatDirty] Marked domain-c26 as dirty.
    2013-10-25T12:40:29.464-07:00 [09292 info 'Default' opID=HB-host-547@340-90f44497] [VpxLRO] -- FINISH task-internal-11448 -- host-547 -- vpxdinvthostsynchostlro.synchronize --
    2013-10-25T12:40:29.464-07:00 [10080 info 'Default' opID=task-internal-11449-6cc3b3c7] [VpxdMoHost::SetComputeCompatibilityDirty] Marked host-547 as dirty.
    2013-10-25T12:40:29.464-07:00 [10080 info 'Default' opID=task-internal-11449-6cc3b3c7] [VpxdMoCluster::SetDasCompatDirty] Marked domain-c26 as dirty.
    2013-10-25T12:40:29.464-07:00 [10080 info 'Default' opID=task-internal-11449-6cc3b3c7] [VpxLRO] -- FINISH task-internal-11449 -- host-547 -- hostdisconnectlro.disconnect --
    2013-10-25T12:40:29.775-07:00 [09292 error 'HttpConnectionPool'] [ConnectComplete] Connect error No connection could be made because the target machine actively refused it.
    2013-10-25T12:40:29.775-07:00 [04556 error 'Default' opID=b02f0c1d] [HttpUtil::ExecuteRequest] Error in sending request - No connection could be made because the target machine actively refused it.

    If you have an intermittent problem where one of the symptoms is the error message "Host name does not match the subject name(s) in certificate", I would check your DNS configuration. Also check the SSL certificate on the host. You could be getting directed to an IP address where the host does not have the certificate that is expected. I would check the IP address of the host from the command line, and then check the certificate with a command like:

    openssl s_client -connect host.domain.com:443

    and see what the CN is. It will be at the top.

  • SSL with Starfield Deluxe High Assurance SSL question

    This certificate does not work with my PALM Centrino, and I have waited more than 24 hours for their support to give me access to the CertMod tool, which is no longer available via the links that I found in the forums referencing this issue in the past. I have upgraded to an iPhone but have a client dedicated to the use of his Palm Centrino and want to get ActiveSync working for him as soon as possible.

    His business has suffered for 48 hours, since the old SSL certificate expired, when his phone began to restart continuously until he wiped it. Now I can't recreate his VersaMail Exchange without this SSL connection error resolved.

    Please ALL/ANY help is appreciated

    Please see this thread for more information on an alternative source to download the certificate change tool (CertMod): http://forums.palm.com/palm/board/message?board.id=activesync&message.id=5086#M5086

    Message is about: Treo 800w (Sprint)

  • SSL questions

    I'm trying to migrate an application to a secure server, but I had a few difficulties, so I used the ColdFusion/Flex wizard to generate a new project on this server. My main requirement is the use of RemoteObject to access my ColdFusion components.

    1st problem: on loading the web page, I get the error 'this page contains both secure and nonsecure items'.
    Solution: unknown
    - I tried changing the external links in the main.html and .js files to https

    2nd problem: The RemoteObject property, protocol, has been deprecated since v1.5
    Solution of dip: add "https" in front of your source.
    - This does not work if your source is "Acct.components.users".
    Solution: I used a variant of endpoint="https://{server.name}:{server.port}{context.root}/flex2gateway/cfamfsecure".
    - This seemed to change my error from http to https

    Here's a little snippet of my error message:

    (mx.rpc::Fault) #0
    errorID = 0
    faultCode = "Client.Error.MessageSend"
    faultDetail = "Channel.Connect.Failed error NetConnection.Call.Failed: HTTP: Failed: url: 'https://www.servername.com/flex2gateway/cfamfsecure'"
    faultString = "Send failed"
    message = "faultCode:Client.Error.MessageSend faultString:'Send failed' faultDetail:'Channel.Connect.Failed error NetConnection.Call.Failed: HTTP: Failed: url: 'https://www.servername.com/flex2gateway/cfamfsecure''"
    name = "Error"
    rootCause = (mx.messaging.events::ChannelFaultEvent) #1


    I'm really curious to know if anyone has created a functional Flex application using flash remoting on a secure channel. And, if so, is there something special you had to do while setting up the app to make it work?

    Thank you
    Hoo


    I finally got it to work, and it was not related to the SSL certificate. The final fix was a combination of things that I had tried before, but apparently I kept missing the right combination or something. Here's what I did:

    - Instead of using the "ColdFusion" destination in my RemoteObject, I used 'ColdFusionSecure'.
    - I added 'ColdFusionSecure' as an additional definition in my remoting-config.xml file.
    - I made this definition reference the "my-cfamf-secure" channel in my services-config.xml file.
    - I added the code set to false in the properties of this channel.

    I cannot work out what was wrong, but it really works now. Thanks again for the help.

  • Enable WebVPN without granting access to the ASA/ASDM/CLI

    Is there a way to allow users WebVPN (SSL) access through the ASA (8.2.1) without allowing them to connect via ASDM, SSH, Telnet or CLI? I want to prevent my VPN users from accessing the configuration of the firewall.

    I see in ASDM there is some wording about "it's effective only if the aaa authentication console command is configured", but I do not understand what it is explaining.

    Thanks in advance,

    Greg

    You can restrict local users with the following:

    username <name> attributes

    service-type remote-access

    You need the aaa authentication console commands because when they are not defined you can come in with the default username (pix) or no username at all and the enable password (in the case of ASDM). If there is no username sent, then obviously we cannot check the 'service-type' option in the username attributes. Here is more information on the "aaa authentication console" command:

    http://www.Cisco.com/en/us/docs/security/ASA/asa80/command/reference/A1.html#wp1535834

    -heather

  • WEBVPN (IOS) can not access the internet

    Hello

    I am evaluating WebVPN (SSL VPN) functionality on a Cisco 1921 router.

    I can establish a VPN connection with anyconnect and access the intranet local, but I can't access internet.

    I don't know what happened with the packets intended for internet.

    Below, I'll send webvpn configuration:

    GigabitEthernet0/0 is LAN interface

    ip nat inside source static tcp 192.168.100.1 5443 94.140.xx.yy 5443 extensible

    webvpn gateway GATEWAY WEBSSL
     ip interface GigabitEthernet0/0 port 5443
     ssl trustpoint TP-self-signed-4050442324
     inservice
    !
    webvpn context ASCAL SSLVPN
     secondary-color #990000
     title-color black
     aaa authentication list SSL-VPN
     gateway GATEWAY WEBSSL
     max-users 10
     !
     ssl authenticate verify all
     inservice
     !
     policy group SSLVPN_POLICY
       functions svc-enabled
       svc address-pool "vpn_pool" netmask 255.255.255.0
       svc rekey method new-tunnel
       mask-urls
     default-group-policy SSLVPN_POLICY
    !

    Thank you in advance.

    Kind regards,

    Herman

    Hello

    Make sure that you have the NAT source list configured to permit the VPN pool if you want to use the internet through the router, or you can use split tunnel to send only internal traffic over the VPN.

    example:

    Router(config-webvpn-group)# svc split include 198.168.100.0 255.255.255.0

    Router(config-webvpn-group)# svc split include 192.168.200.0 255.255.255.0

    Kind regards

    Averroès.

  • Where can I get a SSL VPN client?

    I don't know much about VPN technology, but I have used the Cisco 5.x client software and the VPN client software that ships with Windows XP. Now a customer asks me to connect using an SSL VPN. I don't think I can do it with either of the VPN client packages I've used before? So what am I supposed to use? I looked at OpenVPN and couldn't make much sense out of it. I registered on this site, but apparently this is not enough for me to access the SSL VPN client software.

    Michael,

    If you are the client establishing the connection to the RA server via SSL, the way it works is by using a regular OS web browser such as Internet Explorer, as it supports SSL, plus the user credentials to log in to the WebVPN portal; that's all that you need to connect to your customer's RA server.

    An example of connecting to the RA through WebVPN would be like:

    https://

    There are a few things you need as requirements, and I quote from the link below.

    Requirements

    Before you attempt this configuration, make sure that you meet these requirements for the remote client stations:

    SSL-enabled web browser

    SUN Java JRE version 1.4 or newer

    Cookies enabled

    Pop-up blockers disabled

    Local administrator privileges (not mandatory but highly recommended)

    Note: The latest version of SUN Java JRE is available as a free download from the Java Web site.

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008072462a.shtml#PREREQ

    Pls rate any helpful post

    Rgds

    Jorge

  • WebVPN ports (https or http) not working with IOS 12.4(24)T5

    I have an 877 router with IOS 12.4(24)T5

    My problem is when I try to connect over https (or http) from outside to open the web portal to connect using WebVPN (SSL VPN)

    It never answers!

    I can connect to the public IP address from inside the LAN, and there I can open the WebVPN portal, download AnyConnect and establish the SSL VPN.

    I can connect to my local network using Cisco VPN Client from outside and I have a VPN from Site to Site also works.

    This is my config (without data):

    ---------------------------------------------------------------------------------------------

    ---------------------------------------------------------------------------------------------

    877_Feria#

    877_Feria#show run
    Building configuration...

    Current configuration : 7756 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname 877_Feria
    !
    boot-start-marker
    boot-end-marker
    !
    logging message-counter syslog
    logging buffered 52000
    !
    aaa new-model
    !
    !
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authentication login ciscocp_vpn_xauth_ml_2 local
    aaa authorization network ciscocp_vpn_group_ml_1 local
    !
    !
    aaa session-id common
    clock timezone Paris 1
    clock summer-time Paris date Mar 30 2003 2:00 Oct 26 2003 3:00
    !
    crypto pki trustpoint SSL
     enrollment selfsigned
     fqdn none
     subject-name CN=vpnferia
     revocation-check crl
     rsakeypair SSL_FERIA
    !
    !
    crypto pki certificate chain SSL
     certificate self-signed 03


      quit
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 10.10.10.1
    !
    ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1
     lease 2 0
    !
    !
    ip cef
    ip domain name feria.net
    ip name-server 192.168.254.3
    !
    !
    !
    !
    username user1 privilege 15 secret 5 $1$zMca$0AkwxrsfBY63XPUHxv31N0
    username userVPN secret 5 $1$8iKr$8WV5IhFUmI671.XGp3Gb11
    username userWebVPN secret 5 $1$3HPK$tvFjfrQd86iAoHGsa5Uu01
    !
    !
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key interkey address 8.2.24.3
    !
    crypto isakmp client configuration group CiscoVPN
     key 123456
     pool ippool
     max-users 10
     netmask 255.255.255.0
    crypto isakmp profile ciscocp-ike-profile-1
     match identity group CiscoVPN
     client authentication list ciscocp_vpn_xauth_ml_1
     isakmp authorization list ciscocp_vpn_group_ml_1
     client configuration address respond
     virtual-template 2
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    !
    crypto ipsec profile CiscoCP_Profile1
     set transform-set ESP-3DES-SHA1
     set isakmp-profile ciscocp-ike-profile-1
    !
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp
     description Tunnel to8.2.24.3
     set peer 8.2.24.3
     set transform-set ESP-3DES-SHA
     match address 101
    !
    archive
     log config
      hidekeys
    !
    !
    ip ssh source-interface Vlan1
    !
    !
    !
    interface ATM0
     no ip address
     no atm ilmi-keepalive
     hold-queue 224 in
    !
    interface ATM0.1 point-to-point
     ip address 8.3.8.6 255.255.255.240
     ip nat outside
     ip virtual-reassembly
     pvc 8/32
      encapsulation aal5snap
     !
     crypto map SDM_CMAP_1
     crypto ipsec df-bit clear
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Virtual-Template1
     ip unnumbered ATM0.1
    !
    interface Virtual-Template2 type tunnel
     ip unnumbered ATM0.1
     tunnel mode ipsec ipv4
     tunnel protection ipsec profile CiscoCP_Profile1
    !
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
     ip address 192.168.254.240 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ip tcp adjust-mss 1452
    !
    ip local pool ippool 192.168.253.1 192.168.253.10
    no ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 ATM0.1
    ip http server
    ip http access-class 2
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
    !
    access-list 1 permit 192.168.254.0 0.0.0.255 log
    access-list 2 permit any
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 100 remark CCP_ACL Category=19
    access-list 100 remark IPSec Rule
    access-list 100 deny ip 192.168.254.0 0.0.0.255 192.168.0.0 0.0.0.255
    access-list 100 permit ip any any
    access-list 101 remark CCP_ACL Category=4
    access-list 101 remark IPSec Rule
    access-list 101 permit ip 192.168.254.0 0.0.0.255 192.168.0.0 0.0.0.255
    !
    !
    !
    route-map SDM_RMAP_1 permit 1
     match ip address 100
    !
    !
    control-plane
    !
    !
    line con 0
     no modem enable
    line aux 0
    line vty 0 4
     access-class 100 in
     privilege level 15
     login authentication AutClient
     transport input telnet ssh
    !
    scheduler max-task-time 5000
    !
    webvpn gateway gateway_1
     hostname 877_Feria
     ip address 8.3.8.6 port 443
     http-redirect port 80
     ssl trustpoint SSL
     inservice
    !
    webvpn install svc flash:/webvpn/anyconnect-dart-win-2.5.2017-k9.pkg sequence 1
    !
    webvpn context VPN-Feria
     secondary-color white
     title-color #FF9900
     text-color black
     ssl authenticate verify all
     !
     !
     policy group policy_1
       functions svc-enabled
       svc address-pool "ippool"
       svc keep-client-installed
     virtual-template 1
     default-group-policy policy_1
     aaa authentication list ciscocp_vpn_xauth_ml_2
     gateway gateway_1 domain vpnferia
     max-users 10
     inservice
    !
    end

    ---------------------------------------------------------------------------------------------

    ---------------------------------------------------------------------------------------------

    What could be missing?

    Thank you all!

    Try adding a NAT statement for the outside.

    ip nat inside source static tcp 8.3.8.6 443 8.3.8.6 443

    assuming that 8.3.8.6 is your public IP address.

    -Brian

  • ASA to remote access VPN with external IP dynamic

    Hi forum,

    I was wondering if it is possible to set up an ASA to provide remote access VPN connections (IPSEC or WebVPN/SSL) from the outside world if the external IP address is dynamic (i.e. obtained through DHCP)?  I understand how to use DynamicDNS to provide a host name for the VPN clients; I am simply asking whether the ASA can be configured to allow VPN connections on a DHCP-addressed interface.  I understand there are problems with site-to-site VPN when both sides are addressed dynamically, but it seems that remote access VPN should work.  Just hoping to confirm this before I go and work on a config.

    Thanks in advance...

    The same configuration applies.

    In my view, the only difference is with the external IP being dynamic:

    interface e0/0

    ip address dhcp setroute

    crypto map

    The only difference is that the VPN clients (the PCF file) should have the VPN connection defined with a hostname (rather than an IP address), and the name must resolve to the IP of the ASA.

    I'll try to find you an example configuration if you do not.

    Federico.

  • CISCO ADAPTIVE SECURITY APPLIANCES ASA 5500 SERIES

    Hello

    I'm doing a comparison of the above with other offers from different providers.

    Can someone tell me if the firewall feature of this device actually runs the full version of PIX OS 7.0.

    Flipping through the manual, it does not mention PPTP with MPPE or L2TP with IPSEC support while I'm reasonably sure these two would be supported in a pix running OS 7.0

    Thank you

    Paddy

    The PIX and ASA run the same code, no difference. The reason why you don't see PPTP and L2TP/IPSec mentioned is that these functions have been removed from the v7.0 PIX/ASA code, mainly because they were used very little and the space was needed for the 50+ new features that have been added. It is detailed here:

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_sw/v_70/70_rn/pix_70rn.htm#wp119169

    The ASA actually gives you some extra features with 7.0 that don't work on a PIX, like WebVPN (SSL VPN), VPN load balancing and support for the onboard SSM (IDS/IPS).

  • Palm Pre and Jawbone 2 pairing problems

    I just bought a Jawbone 2 for my Pre and I can't get the phone to even recognize that I have a Bluetooth device, let alone connect to it for any period of time.  I have the earpiece a few inches away from the phone and it keeps saying no devices.  Why is this so frustrating, that everything has to be a problem so far with this phone? I'm just glad they got the EAS SSL issue worked out, but I have to use Bluetooth and I don't understand why it does not work.  Fix this, Palm, or someone please let me know what to do.  Thank you.

    I have a Jawbone 2 and have never had a problem pairing it.

    Look here for putting the Jawbone in pairing mode.

    http://Aliph.custhelp.com/cgi-bin/Aliph.cfg/php/enduser/std_adp.php?p_faqid=143

    Then search for Bluetooth devices with the Pre.

    If it still does not show up, there is probably a hardware problem in the Pre or the Jawbone.

  • Qosmio F60 - web browser SSL security questions

    I have a Qosmio F60 with SSL certificate and security issues in all web browsers when loading pages; if I refresh the page a few times it loads, but then the issue is there once again.

    I tried factory resetting the computer and a fresh install, removed and reinstalled programs, still the same issue.
    I thought it might be the date/time settings that had stopped, but they are all 100% correct in the BIOS and Windows.

    I thought that it is possibly the RTC battery, but the date/time settings do not change by themselves and everything seems fine; would it be useful to fit a new RTC battery anyway?

    If anyone has any ideas that might help, please do, this is doing my head in!

    Thank you all

    If the date and time are set correctly, you need not change the date and time, but it is recommended to load the defaults (F9) in the BIOS.

    Regarding the SSL certificate:
    First of all, SSL/digital certificates secure websites by encrypting sensitive data and verifying the identity of secure websites.
    Usually, the site owner/administrator is responsible and must ensure the security of online communications.

    In my opinion, you must make sure that all your web browsers are updated. I use two main browsers: Chrome and Firefox. In my opinion the best browsers you can use today...
