Hi Kings, You need WebVPN to be enabled for that.
Regards, Piotr 2011/9/6 Kingsley Charles <[email protected]> > Hi Piotr > > I don't have webvpn configured? I get the same log message even when I use > IP address. Do we need http server enabled? I tried enabling http server too > and that didn't work for me. > > > With regards > Kings > > > On Mon, Sep 5, 2011 at 8:26 PM, Piotr Matusiak <[email protected]> wrote: > >> Hi Kings, >> >> Did you enable webvpn on the outside? >> You can connect using IP address as well. >> >> Regards, >> Piotr >> >> 2011/9/5 Kingsley Charles <[email protected]> >> >>> Hi all >>> >>> I have configured the ASA for CA server and when I try to access the >>> enrollment URL, I get the following logs: From the log reference for 710005, >>> I think, the CA server service is not running. >>> >>> I am trying to access enrollment url using the host name >>> https://asa2/+CSCOCA+/enroll.html and have defined hostname to IP >>> address mapping in the host file. I remember, we can only access using >>> hostname not IP address. >>> >>> Any thoughts? >>> >>> *Config* >>> >>> crypto ca server >>> subject-name-default cn=ca >>> smtp from-address [email protected] >>> >>> *Logs* >>> >>> %ASA-7-710005: TCP request discarded from 10.20.30.40/1750 to outside: >>> 10.20.30.43/443 >>> %ASA-3-710003: TCP access denied by ACL from 10.20.30.40/1750 to >>> outside:10.20.30.43/443 >>> >>> >>> Snippet from >>> http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html#wp1285746 >>> 710005 >>> >>> Error Message %PIX|ASA-7-710005: {TCP|UDP} request discarded from >>> *source_address/source_port* to *interface_name:dest_address/service* >>> >>> Explanation This message appears when the Cisco ASA does not have a >>> UDP server that services the UDP request. The message can also indicate a >>> TCP packet that does not belong to any session on the Cisco ASA . In >>> addition, this message appears (with the service *snmp*) when the Cisco >>> ASA receives an SNMP request with an empty payload, even if it is from an >>> authorized host. When the service is *snmp*, this message occurs a >>> maximum of 1 time every 10 seconds so that the log receiver is not >>> overwhelmed. >>> >>> Recommended Action In networks that heavily utilize broadcasting >>> services such as DHCP, RIP or NetBios, the frequency of this message can be >>> high. If this message appears in excessive number, it may indicate an >>> attack. >>> >>> >>> With regards >>> Kings >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
