Hi all
When I run packet tracer from out to in, I get the following O/P. Now the
outside interface is shared between contexts but I have configured for mac
address-auto. Traffic is passing without any issues.
Thoughts please.
asa1/admin(config)# packet-tracer input outside tcp 20.10.30.40 1024
Typo, the dest port is 23...
On Wed, Jul 4, 2012 at 5:45 PM, Kingsley Charles kingsley.char...@gmail.com
wrote:
Hi all
When I run packet tracer from out to in, I get the following O/P. Now the
outside interface is shared between contexts but I have configured for mac
address-auto. Traffic
Kings,
Packet Tracer is buggy in multiple context mode (some certain scenarios).
Maybe they fixed it in 8.2, but not 100% of that.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Jul 4, 2012 at 3:49 PM,
This is a very basic question and more so about the lingo.
This task calls out, on the second line that the ACS should never be
filtered.
Does that mean that is applicable for the entire task and hence we would
apply it for java and activex and also url and ftp or just do it for java
and activex
Hi guys,
I'm having difficulties to configure dot1x with webauth fallback.
Dot1x for clients with supplicant works fine, but when I connect a non
supplicant client webauth fallback fails to work.
Once the dot1x timers expire the switchport fallbacks to webauth
authentication method, I can see
Ben,
You actually can do it with a port, however as you rightly mentioned it would
be for the source port. Static PAT is always for source port translations so
something like the following scenario should work fine.
Real Address 10.10.10.10
Translated Address 20.20.20.20
Port to be used 23
Correct,
Try with real traffic if it doesnt work, use NAT which is the second method
that the firewall uses for packet classification, a regular self translation
should do it.
Mike
Date: Wed, 4 Jul 2012 16:00:31 +0200
From: pio...@ipexpert.com
To: kingsley.char...@gmail.com
CC:
Seems like explicitly excluding the fragments will fix the problem..
access-list 123 deny icmp any any fragments
access-list 123 permit icmp any any unreachable
Still not sure why VACL drop the fragments by default , but I have checked
with CAT 3560/CAT3750 different IOS versions and had the