I use a ASA5505 as a easyvpn client to connect to a ASA5510 easyvpn server and everything is working fine. Now i want to add some security by using Individual User Authentication(IUA) on the server side with the command:
group-policy EZVPN_GROUP attributes
Again, everything is working fine, each device connected to the ASA5505(client) must authenticate via http. Now, i have a device that cannot authenticate and i want to create a mac-exempt. I try the following command on the client side (5505):
I finally found the solution. The easyvpn server must activate the device pass through for the client. The status of the device pass through on the easyvpn client can be seen with the following command:
The trick to enable the device pass through on a asa5510 easyvpn server is to enable the ip-phone-bypass in the group-policy. With this policy, the mac-exempt command will work on the easyvpn client.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...