ASA me2

Let's troubleshoot... We also do trainings .. Checkout our training page https://asame2.blogspot.com/p/we-also-deliver-trainings.html

Featured Post

How to generate a CSR on Cisco ASA using CLI? CSR- (Certificate signing request)

First thing we need is an RSA key pair:   crypto key generate rsa label SSL-Key modulus 1024 noconfirm Create a trust-point crypto ca...

Recent Comments

Recent Post

Let's troubleshoot... We also do trainings .. Checkout our training page https://asame2.blogspot.com/p/we-also-deliver-trainings.html

Friday, 30 October 2015

Site to site timeouts : Stop Site-to-Site VPN Drop (ASA & Router)

  October 30, 2015    

By default, site-to-site VPNs timeout after 30 minutes of idle time. On ASA: ========= Enter the vpn-idle-timeout command in group-policy configuration mode or in username configuration mode in order to configure the user timeout period:  hostname(config)#group-policy DfltGrpPolicy attributes hostname(config-group-policy)#vpn-idle-timeout none   Configure a maximum amount of time for...

  1 Comment

Friday, 23 October 2015

Thursday, 22 October 2015

Thursday, 15 October 2015

Site to site Error messages

  October 15, 2015    

During debug I could see this log:Queueing KEY-ACQUIRE messages to be processed when P1 SA is complete. I referred many documents to figure out what does this message say, and tried all their suggestions but couldn't get my tunnel up.Then I realized I have been missing something in my configuration. I took a closer look and found that I have not enabled isakmp on my DMZ interface where I was trying...

  No Comments

Monday, 12 October 2015

EZVPN on routers

  October 12, 2015    

Server side:================= username ezvpn-spoke1 password cisco1 aaa authentication login USER_AAA local aaa authentication login USERLIST local aaa authorization network GROUP_AAA local Create A pool: ====================ip local pool VPN-POOL 10.1.1.1 10.1.1.10 Split ACL : ip access-list extended SPLIT_T permit ip 192.168.0.0 0.0.255.255 any !--- IKE configuration ! crypto isakmp policy...

  No Comments

VPN client on ASA

  October 12, 2015    

This section describes how to configure remote access VPNs and includes the following topics: •Configuring Interfaces •Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface •Configuring an Address Pool •Adding a User •Creating a Transform...

  No Comments

Thursday, 8 October 2015

Wednesday, 7 October 2015

Anyconnect CLI config on ASA

  October 07, 2015    

upload .pkg file to asa You can ASDM to ASA and put .pkg file to your disk0. or you can copy fro your TFTP copy tftp flash enter source IP enter source file name anyconnect-win-3.1.05152-k9 destination file name , let it be same just hit enter ! Here is the scenario ! !...

  No Comments

Tuesday, 6 October 2015

VTI - DVTI cofig for VPN client

  October 06, 2015    

crypto isakmp policy 10  encr 3des  hash md5  authentication pre-share  group 5 ! !Create a pool: ip local pool ippool 192.168.1.1 192.168.1.2!!Split ACL:!access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255! !Create isakmp group: !================ crypto isakmp client configuration group cisco key cisco acl 101 pool ippool ! aaa authentication login methodlist1...

  No Comments

VTI - Static VTI config

  October 06, 2015    

R2# conf t inter fa1/1 no shut ip address 1.1.1.1 255.255.255.252 exit ! inter fa1/0 no shut ip add 10.10.10.1 255.255.255.0 exit ! crypto ipsec profile myprofile set transform-set tunnel1 ! inter tu0 ip add 172.16.14.1 255.255.255.252 tunnel source 1.1.1.1 tunnel destination...

  No Comments

GRE over IPSec

  October 06, 2015    

R2# ! Interface configuration: conf t inter fa1/1 no shut ip address 1.1.1.1 255.255.255.252 exit ! ! Interface configuration: inter fa1/0 no shut ip add 10.10.10.1 255.255.255.0 exit ! ! Create a virtual tunnel Interface, give an IP address to this interface. This...

  No Comments

Friday, 2 October 2015

VPN Client on router

  October 02, 2015    

If you want aaa authentication to be done <otherwise you can skip this part and directly start from phase 1 config> aaa new-model ! !--- In order to enable Xauth for user authentication, !--- enable the aaa authentication commands. aaa authentication login...

  1 Comment

Subscribe to: Posts (Atom)