Hi all I have configured the ASA for CA server and when I try to access the enrollment URL, I get the following logs: From the log reference for 710005, I think, the CA server service is not running.
I am trying to access enrollment url using the host name https://asa2/+CSCOCA+/enroll.html and have defined hostname to IP address mapping in the host file. I remember, we can only access using hostname not IP address. Any thoughts? *Config* crypto ca server subject-name-default cn=ca smtp from-address [email protected] *Logs* %ASA-7-710005: TCP request discarded from 10.20.30.40/1750 to outside: 10.20.30.43/443 %ASA-3-710003: TCP access denied by ACL from 10.20.30.40/1750 to outside: 10.20.30.43/443 Snippet from http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html#wp1285746 710005 Error Message %PIX|ASA-7-710005: {TCP|UDP} request discarded from *source_address/source_port* to *interface_name:dest_address/service* Explanation This message appears when the Cisco ASA does not have a UDP server that services the UDP request. The message can also indicate a TCP packet that does not belong to any session on the Cisco ASA . In addition, this message appears (with the service *snmp*) when the Cisco ASA receives an SNMP request with an empty payload, even if it is from an authorized host. When the service is *snmp*, this message occurs a maximum of 1 time every 10 seconds so that the log receiver is not overwhelmed. Recommended Action In networks that heavily utilize broadcasting services such as DHCP, RIP or NetBios, the frequency of this message can be high. If this message appears in excessive number, it may indicate an attack. With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
