What's the ASA CA purpose? To give out certificates for SSL (clientless and full client), right? In both cases you need webvpn to be enabled.

Regards,
Piotr

2011/9/6 Kingsley Charles <[email protected]>

> Hi Piotr
>
> Great, that made it work.
>
> But why do we need webvpn to be enabled? Is CA server embedded with WebVPN
> service?
>
> With regards
> Kings
>
>
> On Tue, Sep 6, 2011 at 11:33 AM, Piotr Matusiak <[email protected]> wrote:
>
>> Hi Kings,
>>
>> You need WebVPN to be enabled for that.
>>
>> Regards,
>> Piotr
>>
>>
>> 2011/9/6 Kingsley Charles <[email protected]>
>>
>>> Hi Piotr
>>>
>>> I don't have webvpn configured? I get the same log message even when I
>>> use IP address. Do we need http server enabled? I tried enabling http
>>> server too and that didn't work for me.
>>>
>>>
>>> With regards
>>> Kings
>>>
>>>
>>> On Mon, Sep 5, 2011 at 8:26 PM, Piotr Matusiak <[email protected]> wrote:
>>>
>>>> Hi Kings,
>>>>
>>>> Did you enable webvpn on the outside?
>>>> You can connect using IP address as well.
>>>>
>>>> Regards,
>>>> Piotr
>>>>
>>>> 2011/9/5 Kingsley Charles <[email protected]>
>>>>
>>>>> Hi all
>>>>>
>>>>> I have configured the ASA for CA server and when I try to access the
>>>>> enrollment URL, I get the following logs: From the log reference for
>>>>> 710005, I think, the CA server service is not running.
>>>>>
>>>>> I am trying to access enrollment url using the host name
>>>>> https://asa2/+CSCOCA+/enroll.html and have defined hostname to IP
>>>>> address mapping in the host file. I remember, we can only access using
>>>>> hostname not IP address.
>>>>>
>>>>> Any thoughts?
>>>>>
>>>>> *Config*
>>>>>
>>>>> crypto ca server
>>>>> subject-name-default cn=ca
>>>>> smtp from-address [email protected]
>>>>>
>>>>> *Logs*
>>>>>
>>>>> %ASA-7-710005: TCP request discarded from 10.20.30.40/1750 to outside:
>>>>> 10.20.30.43/443
>>>>> %ASA-3-710003: TCP access denied by ACL from 10.20.30.40/1750 to
>>>>> outside:10.20.30.43/443
>>>>>
>>>>>
>>>>> Snippet from
>>>>> http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html#wp1285746
>>>>>
>>>>> 710005
>>>>>
>>>>> Error Message %PIX|ASA-7-710005: {TCP|UDP} request discarded from
>>>>> *source_address/source_port* to *interface_name:dest_address/service*
>>>>>
>>>>> Explanation This message appears when the Cisco ASA does not have a
>>>>> UDP server that services the UDP request. The message can also indicate
>>>>> a TCP packet that does not belong to any session on the Cisco ASA. In
>>>>> addition, this message appears (with the service *snmp*) when the
>>>>> Cisco ASA receives an SNMP request with an empty payload, even if it is
>>>>> from an authorized host. When the service is *snmp*, this message occurs
>>>>> a maximum of 1 time every 10 seconds so that the log receiver is not
>>>>> overwhelmed.
>>>>>
>>>>> Recommended Action In networks that heavily utilize broadcasting
>>>>> services such as DHCP, RIP or NetBios, the frequency of this message can
>>>>> be high. If this message appears in excessive number, it may indicate an
>>>>> attack.
>>>>>
>>>>>
>>>>> With regards
>>>>> Kings
>>>>>
>>>>> _______________________________________________
>>>>> For more information regarding industry leading CCIE Lab training,
>>>>> please visit www.ipexpert.com
>>>>>
>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>> www.PlatinumPlacement.com
>>>>>
>>>>
>>>
>>
>
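A triage helper for the two syslog messages discussed in this thread, added here as an example and not taken from any poster or from Cisco. It parses 710003/710005 lines using the layout quoted from the log reference and reports HTTPS destinations on the ASA itself that show both messages, which is the pattern that went away once webvpn was enabled on the interface. The function names and the "both messages present" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input: the two messages quoted in the thread, plus one
# unrelated (constructed) line that must be ignored.
SAMPLE_LOGS = [
    "%ASA-7-710005: TCP request discarded from 10.20.30.40/1750 to outside: 10.20.30.43/443",
    "%ASA-3-710003: TCP access denied by ACL from 10.20.30.40/1750 to outside:10.20.30.43/443",
    "%ASA-6-302013: Built inbound TCP connection 1 for outside:10.20.30.40/1751 (constructed)",
]

# Layout from the log reference quoted in the thread:
#   {TCP|UDP} <text> from source_address/source_port to interface_name:dest_address/service
# \s* after the colon tolerates the line wrap seen in the pasted 710005 message.
TO_BOX = re.compile(
    r"%(?:PIX|ASA)-\d-(?P<msgid>710003|710005): (?P<proto>TCP|UDP) .*? from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<iface>[\w-]+):\s*(?P<dst>[\d.]+)/(?P<service>\S+)"
)

def parse_to_box(line):
    """Return the fields of a 710003/710005 message, or None for any other line."""
    m = TO_BOX.search(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Group to-the-box rejections by (interface, destination, protocol, service)."""
    seen = defaultdict(lambda: {"msgids": set(), "sources": set()})
    for line in lines:
        rec = parse_to_box(line)
        if rec is None:
            continue
        key = (rec["iface"], rec["dst"], rec["proto"], rec["service"])
        seen[key]["msgids"].add(rec["msgid"])
        seen[key]["sources"].add(rec["src"])
    return dict(seen)

def https_without_listener(lines):
    """Destinations on 443/https that produced both 710003 and 710005."""
    return sorted(k for k, v in summarize(lines).items()
                  if k[3] in ("443", "https") and v["msgids"] == {"710003", "710005"})

if __name__ == "__main__":
    for iface, dst, proto, service in https_without_listener(SAMPLE_LOGS):
        print(f"{proto}/{service} to {dst} on '{iface}' rejected by the ASA itself; "
              "check that webvpn is enabled on this interface")
```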
