Hey guys - i have a couple of questions that I hope are quick to answer.
I have a need to provide users with a IP phone at home (extended leave, part timers, etc). The current plan is to provide them an ASA5505 that is configured to create the VPN tunnel over the internet (connects to a ASA5520). We also want to lock down the all the ports execpt e0/0 (outside interface) and e0/7 (the poe enabled phone port). I am tring to configure 5505 so that only the phone will get an ip, AND if they remove the phone, and plug in a desktop/laptop/etc, it wont work (ie - no ip address supplied, ports blocked, etc.). The users will need to use thier existing VPN on thier laptop to get network, we are just trying to supply them a "off site extension" of thier phoens.
So - Question 1 - Can I have the dhcp scope on the asa5505 defined to do a MAC based assignment?
Question 2 - If we cant lock down the scope by mac address, what ports, other than http and skinny (no sip phones here) would/should I block?
I have read up on the mac-list, and it seems that would work. My question now - how do I apply that to only 1 interface? Seems to me that, since its a global command, it will restrict on all ports, right?
I need e0/0 to be unrestricted, as I have NO idea what the mac address will be of the "dirty" side, but at the same time, e0/7 should be restricted to only the phone that I supply.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :