Hi Piotr Great, that made it work.
But why do we need webvpn to be enabled? Is CA server embedded with WebVPN service? With regards Kings On Tue, Sep 6, 2011 at 11:33 AM, Piotr Matusiak <[email protected]> wrote: > Hi Kings, > > You need WebVPN to be enabled for that. > > Regards, > Piotr > > > > 2011/9/6 Kingsley Charles <[email protected]> > >> Hi Piotr >> >> I don't have webvpn configured? I get the same log message even when I use >> IP address. Do we need http server enabled? I tried enabling http server too >> and that didn't work for me. >> >> >> With regards >> Kings >> >> >> On Mon, Sep 5, 2011 at 8:26 PM, Piotr Matusiak <[email protected]> wrote: >> >>> Hi Kings, >>> >>> Did you enable webvpn on the outside? >>> You can connect using IP address as well. >>> >>> Regards, >>> Piotr >>> >>> 2011/9/5 Kingsley Charles <[email protected]> >>> >>>> Hi all >>>> >>>> I have configured the ASA for CA server and when I try to access the >>>> enrollment URL, I get the following logs: From the log reference for >>>> 710005, >>>> I think, the CA server service is not running. >>>> >>>> I am trying to access enrollment url using the host name >>>> https://asa2/+CSCOCA+/enroll.html and have defined hostname to IP >>>> address mapping in the host file. I remember, we can only access using >>>> hostname not IP address. >>>> >>>> Any thoughts? >>>> >>>> *Config* >>>> >>>> crypto ca server >>>> subject-name-default cn=ca >>>> smtp from-address [email protected] >>>> >>>> *Logs* >>>> >>>> %ASA-7-710005: TCP request discarded from 10.20.30.40/1750 to outside: >>>> 10.20.30.43/443 >>>> %ASA-3-710003: TCP access denied by ACL from 10.20.30.40/1750 to >>>> outside:10.20.30.43/443 >>>> >>>> >>>> Snippet from >>>> http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html#wp1285746 >>>> 710005 >>>> >>>> Error Message %PIX|ASA-7-710005: {TCP|UDP} request discarded from >>>> *source_address/source_port* to *interface_name:dest_address/service* >>>> >>>> Explanation This message appears when the Cisco ASA does not have a >>>> UDP server that services the UDP request. The message can also indicate a >>>> TCP packet that does not belong to any session on the Cisco ASA . In >>>> addition, this message appears (with the service *snmp*) when the Cisco >>>> ASA receives an SNMP request with an empty payload, even if it is from an >>>> authorized host. When the service is *snmp*, this message occurs a >>>> maximum of 1 time every 10 seconds so that the log receiver is not >>>> overwhelmed. >>>> >>>> Recommended Action In networks that heavily utilize broadcasting >>>> services such as DHCP, RIP or NetBios, the frequency of this message can be >>>> high. If this message appears in excessive number, it may indicate an >>>> attack. >>>> >>>> >>>> With regards >>>> Kings >>>> >>>> _______________________________________________ >>>> For more information regarding industry leading CCIE Lab training, >>>> please visit www.ipexpert.com >>>> >>>> Are you a CCNP or CCIE and looking for a job? Check out >>>> www.PlatinumPlacement.com >>>> >>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
