Meaning print screen

sahrizal.zamri
Level 1

Hi, 

May I know the meaning of the 3 print screens below...

1. Why no VLAN at ASA firewall? How to create via ASDM...

2. To enter Cisco AnyConnect...

3. To access ASDM...

1 Accepted Solution

Marvin Rhoads
Hall of Fame

1. The only ASA that you can create VLANs on is the 5505. It looks like your screen shot is from a 5520 or similar model. They do not support VLANs. You can create subinterfaces like you do on a router if you need to be the gateway for multiple subnets on one physical interface.

2. The AnyConnect error indicates you are using an untrusted (probably self-signed) certificate on your ASA. You may furthermore be using the device certificate and not a proper server certificate that you would generate for the specific purpose of the VPN.

3. The Java error when launching ASDM is normal with the latest Java update. You can accept the message and proceed. I expect that eventually Cisco will release an ASDM update that will eliminate the message.

Thanks sir,

1. Yes sir, Cisco 5515-X.

2. Is it safe to use an untrusted cert? Do I need to buy the cert?

3. OK, noted.

4. New question: How to do SSL VPN with internet connection (split tunnel)? Attached my config...

     What is the "standard ACL & extended ACL"? What is the meaning of "Add ACL and Add ACE"?

OK, just solved the internet issue...

2. Is it secure to use an untrusted cert? Do I need to buy the cert?

   Can you send the link to add an SSL cert?

Hi,

After connecting to AnyConnect, I can access internet links that I already used before that, but can't for new links...

I can ping 8.8.8.8, but can't reach google.com...

Cisco recommends using a trusted certificate to both ensure the ASA is the proper (trusted and verified) one for your users to use. Also, most IT organizations do not like to burden their users with the need to accept untrusted certificates. If you import the ASA persistent self-signed certificate into your local Trusted Root CA store on Windows, you will not receive the error.

Add ACL vs. Add ACE - ACL is an Access Control List. A given list can have one or many lines (entries); each line is referred to as an ACE, or Access Control Entry.

When you split tunnel, you want to specify that you are tunneling from your remote client to your networks protected by the ASA - i.e. generally the internal corporate networks. Anything not matching the ACL will not be tunneled over the remote access VPN and thus just go out the local client's non-VPN path.
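
The split-tunnel decision described in the reply above, as an added example that is not part of the original thread: it parses a standard ACL written in ASA `access-list <name> standard permit` syntax into its ACEs and reports which destinations go over the VPN. The ACL name `SPLIT_TUNNEL`, the networks and the helper function names are constructed for illustration, and only `permit` ACEs are modelled.

```python
import ipaddress

# Constructed sample: one standard ACL (hypothetical name SPLIT_TUNNEL) made of
# three ACEs that list the internal networks reachable through the VPN.
SAMPLE_ACL = """\
access-list SPLIT_TUNNEL standard permit 10.10.0.0 255.255.0.0
access-list SPLIT_TUNNEL standard permit 192.168.50.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit host 172.16.1.10
"""

def parse_standard_acl(text, name):
    """Return the permit ACEs of one standard ACL as a list of IPv4 networks."""
    networks = []
    for line in text.splitlines():
        tok = line.split()
        # Keep only 'access-list <name> standard permit ...' lines (one ACE each).
        if tok[:4] != ["access-list", name, "standard", "permit"] or len(tok) < 6:
            continue
        if tok[4] == "host":                      # host form: a single address
            networks.append(ipaddress.ip_network(tok[5] + "/32"))
        else:                                     # network + dotted netmask form
            networks.append(ipaddress.ip_network(f"{tok[4]}/{tok[5]}"))
    return networks

def path_for(dest, networks):
    """'tunnel' if dest matches any ACE, otherwise the client's local path."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in net for net in networks) else "local"

def classify(dests, acl_text=SAMPLE_ACL, name="SPLIT_TUNNEL"):
    """Map each destination address to 'tunnel' or 'local'."""
    networks = parse_standard_acl(acl_text, name)
    return {d: path_for(d, networks) for d in dests}

if __name__ == "__main__":
    aces = parse_standard_acl(SAMPLE_ACL, "SPLIT_TUNNEL")
    print(f"1 ACL, {len(aces)} ACEs")
    for dest, path in classify(["10.10.1.20", "172.16.1.10", "172.16.1.11", "8.8.8.8"]).items():
        print(f"{dest:15} -> {path}")
```
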

Hi sir,

Why is my IPsec VPN not stable? I need to log out every day at ASDM, then the connection is OK...

How to check/troubleshoot? Thank you

rgds,
