Any-Connect not connecting with some of the tunnel groups, while working fine with others

Any-Connect not connecting with some of the tunnel groups, while working fine with others

  November 20, 2015    Raj

---

I ran into an issue with my Any-Connect I had some couple of tunnel groups and I upgraded my ASA from 8.6 to 9.2 , after upgrade Any-Connect stopped connecting with few of the tunnel groups. Debugs were saying : Not calling vpn_remove_uauth: not IPv4!webvpn_svc_np_tear_down: no IPv6 ACL Any-Connect was giving this error: Failed to get configuration from secure gateway. Contact your system administrator. Here...

Read More

Ipsec over GRE : Tunnel protocol is down : Tunnel with Vlan interface

Ipsec over GRE : Tunnel protocol is down : Tunnel with Vlan interface

  November 20, 2015    Raj

---

I have an IPSec over GRE tunnel between two routers (ofcourse :) ) I had some physical interface limitation so I could not assign an IP address to it. It is a L2 interface. So I have created a vlan and assigned an Ip address to vlan and then called the vlan under interface. Here is my configuration : After I have configured this I see tunnel protocol status is DOWN crypto map mymap local-address...

Read More

Packet capture on router

Packet capture on router

  November 19, 2015    Raj

---

1.Define a 'capture buffer' with the specified name monitor capture buffer mycap size 2048 max-size 4000 circular 2. Specify access-list ip access-list ex mycap permit ip host permit ip host monitor capture buffer mycap filter access-list mycap 3. Defines a capture point monitor capture point ip cef cap fastEthernet 1/0 both 4. Attach capture point with the capture buffer specified. monitor...

Read More

How to disable sysloggging on ASA?

How to disable sysloggging on ASA?

  November 17, 2015    Raj

---

I have an ASA and all the debugs are going to syslog. I need to quickly run debug icmp trace and check the results. How can I disable syslog temporarly? no logging debug-trace How to enable it back? logging debug-trace...

Read More

Anyconnect 4.0 License Scheme

Anyconnect 4.0 License Scheme

  November 07, 2015    Raj

---

Failover: If you are using failover firewalls you can (but don't have to) use a shared license' model, this lets you purchase a bundle of Premium licenses. and share them across multiple pieces of hardware, This requires an ASA to be setup as the license' server'....

Read More

How to assign IP address on ASA 5505 - and how to create local pool for Inside on ASA 5505

How to assign IP address on ASA 5505 - and how to create local pool for Inside on ASA 5505

  November 07, 2015    Raj

---

Create VLAN Interface : interface vlan 1 ip address 192.168.1.1 255.255.255.0 no shut exit Go to physical interface and call the vlan using switchport access command Interface eth0/0 switchport access vlan 1 no shut For the ASA 5505, the maximum number of DHCP client addresses varies depending on the license: • If the limit is 10 hosts, the maximum available DHCP pool is 32 addresses. • If the...

Read More

Anyconnect gives error : Not calling vpn_remove_uauth: not IPv4! webvpn_svc_np_tear_down: no ACL

Anyconnect gives error : Not calling vpn_remove_uauth: not IPv4! webvpn_svc_np_tear_down: no ACL

  November 05, 2015    Raj

---

Error message when connecting to Anyconnect:============================================== Not calling vpn_remove_uauth: not IPv4!webvpn_svc_np_tear_down: no ACL webvpn_svc_np_tear_down: no IPv6 ACL So for me the issue was : Anyconnect was trying to establish connection with Default RA group tunnel-group.There was no IP pool called under it. I then enabled tunnel-group-list enable under Webvpnand...

Read More