Re: [c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client and inside network?

2009-08-07 Thread Randy
..also keep in mind that your split-tunnel ACL can be extended if specified in the following format:   x.x.x.x mask  y.y.y.y mask (your vpn pool) 10.18.0.0 255.255.0.0 10.18.14.0 255.255.255.0   --- On Fri, 8/7/09, Scott Granados wrote: From: Scott Granados Subject: Re: [c-nsp] ASA5520, can't

Re: [c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client and inside network?

2009-08-07 Thread Randy
..NAT entries are not required as long as *nat-control* is not enabled. I can't recall the default but you can verify your setup - sh run nat-control. The PC in question wouldn't happen to be behind a firewall and using an rfc1918 addr. on the 10.x space as well ? Also, NAT-T (ipsec/UDP port 10,0

Re: [c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client and inside network?

2009-08-07 Thread Randy
Hi Scott, ...at first pass - have you *exempted* your vpn pool<->split-tunnel subnets from NAT on the appropriate interfaces? Regards, ./Randy --- On Fri, 8/7/09, Scott Granados wrote: From: Scott Granados Subject: [c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client a

Re: [c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client and inside network?

2009-08-07 Thread Scott Granados
I'm thinking this might be it. I'm probably doing bad things with the connected pool. Thanks for the pointers. - Original Message - From: Randy To: Michael K. Smith - Adhost ; Scott Granados Cc: cisco-nsp@puck.nether.net Sent: Friday, August 07, 2009 4:02 PM Subject: Re:

Re: [c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client and inside network?

2009-08-07 Thread Scott Granados
Hi, so the client is attached directly to a Sprint air card or directly to a cable internet connection with a real IP address. I have udp 1 defined in the group policy and see that port being used in the client logs. Thanks Scott - Original Message - From: Randy To: Rob Gi

Re: [c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client and inside network?

2009-08-07 Thread Scott Granados
Hi Michael, Wouldn't the more specific /24 come in to play instead of the much larger /16? If I route the /16 via 10.18.14.1 but the /24 of 10.18.14.1 is directly connected I would have thought the /24 would win. I'll definitely give this a try however. Thanks Scott - Original Messag

Re: [c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client and inside network?

2009-08-07 Thread Scott Granados
I actually don't have any nat entries because I didn't think I needed any what with this not being used for anything but VPN, is this incorrect? - Original Message - From: "Rob Gilreath" To: Cc: "Scott Granados" Sent: Friday, August 07, 2009 2:35 PM Subject: Re: [c-nsp] ASA5520, can

Re: [c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client and inside network?

2009-08-07 Thread Michael K. Smith - Adhost
> -Original Message- > From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- > boun...@puck.nether.net] On Behalf Of Scott Granados > Sent: Friday, August 07, 2009 1:47 PM > To: cisco-nsp@puck.nether.net > Subject: [c-nsp] ASA5520,can't pass traffic over ipsec tunnel between > Cisco

[c-nsp] ASA5520, can't pass traffic over ipsec tunnel between Cisco client and inside network?

2009-08-07 Thread Scott Granados
Hi, I'm having difficulties configuring VPN tunnels between a PC with the Cisco VPN client (windows XP) and an ASA5520. BACKGROUND I have an ASA5520 with a public interface of 206.x.x.232 and an inside address of 10.18.14.6. The outside interface is connected to the public internet directly,

Re: [c-nsp] IPSLAs with OpenNMS or Other?

2009-08-07 Thread Jeff Wojciechowski
Not one hit on this one, perhaps broadening the question as follows might help: Anyone using IPSLAs standalone to monitor voice have any pointers (what tests to run, packet sizes, frequency of tests)? Thanks, -Jeff -Original Message- From: cisco-nsp-boun...@puck.

[c-nsp] RedSeal users?

2009-08-07 Thread Eric Cables
Slightly OT, but with all the NMS e-mails going around lately it might have some relevance. I'm in the middle of a RedSeal (http://www.redseal.net/) deployment, and I was wondering if anyone else on the list was using this product. I'd just like to get an idea of whether it has been useful, and w

Re: [c-nsp] TACACs access filtered by device

2009-08-07 Thread Walter Keen
We take it another step, using the linux tac-plus, specifying an acl for each user, and commands they can or cannot run. The only problem we've run into is one user who needs higher access on one router but still limited access on another; we've gotten around that a little bit by setting priv

Re: [c-nsp] TACACs access filtered by device

2009-08-07 Thread luismi
Yes! seems to be pretty simple I will try it today :-D ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] TACACs access filtered by device

2009-08-07 Thread Peter Rathlev
On Fri, 2009-08-07 at 13:01 +0200, luismi wrote: > We have here several Cisco devices and I would like to know if it is > possible to filter who gets access to some specific devices using the > tacacs.conf file or the AAA configuration inside the devices. > > Is that possible? It is, and it works

Re: [c-nsp] TACACs access filtered by device

2009-08-07 Thread Christopher Hunt
We don't use it this way, but it looks like the linux tac_plus daemon supports authorization ACLs. See the line "acl = dial_only" at http://www.linuxcertif.com/man/5/tac_plus.conf/#EXAMPLE_TAC_PLUS_CONFIGURATION_311843h Christopher Hunt luismi wrote: Hi, We have here several Cisco device

Re: [c-nsp] TACACs access filtered by device

2009-08-07 Thread luismi
Hi, We don't use ACS here, just tacacs-server over linux.

Re: [c-nsp] TACACs access filtered by device

2009-08-07 Thread Jeremiah Best
You can do it using ACS if you have an ACS server. The way we've done it is create groups of devices and then just assign the user whatever rights and then only allow said user to access that group of users. Works well. Outside of ACS I'm not sure if there's a way. If you want more details let m

[c-nsp] TACACs access filtered by device

2009-08-07 Thread luismi
Hi, We have here several Cisco devices and I would like to know if it is possible to filter who gets access to some specific devices using the tacacs.conf file or the AAA configuration inside the devices. Is that possible?