Jouni Forss

Member Since: May 22, 2007

Jouni Forss commented on ASA5510-K9 & SSM-4GE in Firewalling 2 months ago

Hi, Not 100% sure about the current situation but to my understanding there would be nothing that...

Jouni Forss commented on ASA5516-X SFR Portforword not working in Firewalling 2 months ago

Hi, Presuming that all the "object" configurations have the "host 192.168.8.11" under them then I...

Jouni Forss commented on NAT for IPSec S2S Tunnel after using AnyConnect RA SSL VPN in Firewalling 2 months ago

Hi, So essentially you need to configure NAT so that both your VPN Client users and LAN users need...

Jouni Forss commented on ssl vpn in VPN 2 months ago

Hi, I am not sure what this has to do with VPNs other than using the port TCP/443 I assume your...

Jouni Forss commented on Basic Asa Configuration 8.4 in Firewalling 1 year ago

Hi, You could first check if the ASA sees anything on the "outside" interface...

Jouni Forss commented on Its Regarding ASA--its urgent pls help in Firewalling 1 year ago

Hi, So the connection is coming from "outside" to "inside". The...

Jouni Forss commented on What is these message meaning after logging off in ASA in Firewalling 1 year ago

Hi, Seems to be something related to the remote SSH connection? Is your problem that you are seeing...

Jouni Forss commented on ASA error logs in Firewalling 1 year ago

Hi, Seems to me that the internal host is probably trying to connect to some remote host and the...

Jouni Forss commented on asa DMZ help in Firewalling 1 year ago

Hi, I guess one of the typical solutions would be to configure the server port to their own Vlan on...

Jouni Forss commented on http access on ASA in Firewalling 1 year ago

Hi, To my understanding the ASA only uses HTTPS/SSL connection for management purposes. You can use...

Jouni Forss commented on How to allow inside hosts access to talk to ASA public IP in Firewalling 1 year ago

Hi, I guess you would want to connect to hosts on the Internal LAN by using their outward facing...

Jouni Forss commented on ASA 9.2(2)4 vs 8.2(5)26 inter-interface routing in Firewalling 1 year ago

Just to add regarding NAT, If all of your customers use the same shared public IP address as Dynamic...

Jouni Forss commented on ASA 9.2(2)4 vs 8.2(5)26 inter-interface routing in Firewalling 1 year ago

 Hi / Moi, I personally never used NAT or "security-level" to control traffic and...

Jouni Forss commented on ASA 5515 ASDM Access from remote network in Firewalling 1 year ago

Hi, So you said that you have this command management-access local Does "...

Jouni Forss commented on Assistance with Cisco ASA Design in Firewalling 1 year ago

Hi, I guess the way you implement the ACLs on the different sites depends mainly on how controlled...

Jouni Forss commented on ASA 5515 ASDM Access from remote network in Firewalling 1 year ago

Hi, The first thing that comes to mind is that you might be missing one command management-...

Jouni Forss commented on FWSM 2.3(5) and NAT CONTROL in Firewalling 1 year ago

Hi, To my understanding the command "nat-control" was introduced in the software...

Jouni Forss commented on ipsec vpn tunnel issue in Firewalling 1 year ago

Hi, As I already expected the "Type" field is not documented very well (or at all...

Jouni Forss commented on ASA 5515 9.2 port forwarding problem in Firewalling 1 year ago

Hi, You have a Dynamic PAT configured as your first NAT configuration. This will prevent any...

Jouni Forss commented on Stuck at work in Firewalling 1 year ago

Hi, Does everyone on the LAN have the problem? Can anyone connect to the Internet? Your post seems...

Jouni Forss commented on NAT question/bug that I cant explain in Firewalling 1 year ago

Hi, I never got around to opening a TAC case about this.  I have also forgotten a lot of things...

Jouni Forss commented on ASA Real-Time Logging Viewer -> not seeing ICMP from ACL in Firewalling 1 year ago

Hi, These commands disable the ASA sending/generating log messages of an ACL permitting or denying...

Jouni Forss commented on ASA Real-Time Logging Viewer -> not seeing ICMP from ACL in Firewalling 1 year ago

Hi, I guess the first thing I would have a look at is the complete "logging"...

Jouni Forss commented on IP which only allowed for PAT in Firewalling 1 year ago

Hi, You might be better off limiting the mentioned hosts from connecting to the Internet in the...

Jouni Forss commented on ASA 5505 ACLs, code 8.4(2) in Firewalling 1 year ago

Hi, With any software 8.3 or above the ACL will always reference the local IP address and NOT the...

Jouni Forss commented on ASA 5505 Firewall IOS Upgrade. in Firewalling 1 year ago

Hi, I vaguely remember that the 9.2 is the last software supported on the ASA5505 model. I think...

Jouni Forss commented on can not ping from inside switch to outside switch in GNS3 though packet tracer allow in both direction in Firewalling 1 year ago

Hi, If you are using L3 switches then confirm that they have the proper routing information to...

Jouni Forss commented on ASA Access Rules in Firewalling 1 year ago

Hi, The "security-level" value of an interface (for the most part) only affects...

Jouni Forss commented on NAT issue on ASA5510 using 9.01 in Firewalling 1 year ago

Hi, Again the output seems correct. Your output does seem to show CONN-SETTINGS and QOS Phases...

Jouni Forss commented on NAT issue on ASA5510 using 9.01 in Firewalling 1 year ago

Hi,   The "packet-tracer" output seems normal. If you mean the other Dynamic...

Jouni Forss commented on copying config files Asa Context Mode in Firewalling 1 year ago

Hi, If I am not mistaken you should be able to backup Context configurations from the Context...

Jouni Forss commented on ASA 5505 how to create a port forwarding rule in Firewalling 1 year ago

Hi, The NAT configuration itself is fine. Notice though that since we are talking about a software...

Jouni Forss commented on Can I create a network object from CIDR format or do I need to use IP - netmask? in Firewalling 1 year ago

Hi, As far as I know the ASA does not support entering a network/subnet mask in such format in any...

Jouni Forss commented on Blocking ASa from sending a TCP RST packet in Firewalling 1 year ago

Hi, You will probably want to check the output of the command show run all service...

Jouni Forss commented on No NAT convertion to 9.x from 8.0 question in Firewalling 1 year ago

Hi, The overlap in this case should not cause any problems as this NAT configuration only applies...

Jouni Forss commented on ASA Only allowing one host out in Firewalling 1 year ago

Hi, Can't say I see any problem with the actual configurations. Have you monitored the logs from...

Jouni Forss commented on Cisco 5505 in routed mode - how to translate port 8888 to 3389 (Not NAT) in Firewalling 1 year ago

Hi, So you have a pretty new software level so the configuration below should be valid. ...

Jouni Forss commented on ASA 5520 Source based Routing in Firewalling 1 year ago

Hi, Here is a link to an older discussion related to a similar situation to yours. Or a discussion...

Jouni Forss commented on ASA 5520 Source based Routing in Firewalling 1 year ago

Hi, Have you considered changing the default route to point to the Untrust...

Jouni Forss commented on Cisco 5505 in routed mode - how to translate port 8888 to 3389 (Not NAT) in Firewalling 1 year ago

Hi, Are you saying that the actual host on the LAN has a public IP address directly configured to...

Jouni Forss commented on ASA TCP Idle Connection Timeout Suspense in Firewalling 1 year ago

Hi, Before looking for a bug I would check the ASA logs (hopefully you are storing them to a...

Jouni Forss commented on ASA "Show resource usage" in Firewalling 1 year ago

Hi, I think the "Hosts" probably just refers to unique hosts seen by the ASA. I am...

Jouni Forss commented on Allow PPTP pass through in Firewalling 1 year ago

Hi, If you have a device in the LAN to which you connect then I think you will need to configure...

Jouni Forss commented on ASA Global Timeout Setting in Firewalling 1 year ago

Hi, I would imagine you could configure policies that would change TCP connection timeout for users...

Jouni Forss commented on Cisco ASA 5510: Cannot Reach Public IP's from Inside Network? in Firewalling 1 year ago

Hi, You are only able to connect to a NAT IP address from behind an interface towards which the NAT...

Jouni Forss commented on NAT/PAT Pool exhausted in Firewalling 1 year ago

Hi, Well I would suggest listing all your NAT configurations that use a NAT Pool. In those cases it...

Jouni Forss commented on Bypass Implicit rule in ASA 5000 series in Firewalling 1 year ago

Hi, Well the Implicit Deny rule would point to a connection being dropped because it did not find...

Jouni Forss commented on ASDM Traffic Logs in Firewalling 1 year ago

Hi, Glad to hear all is working now. :) Please do remember to rate any helpful answers or mark a...

Jouni Forss commented on Multiple MAC addresses for 1 VLAN interface in Firewalling 1 year ago

Hi, To my understanding your first problem is already the fact that you want to get multiple public...

Jouni Forss commented on Need direction on 5505 to 5512 migration in Firewalling 1 year ago

Hi, From what I can see you should be able to upgrade the ASA5505 directly to 9.3 software version...

Bio

I'm a Networking Engineer. Finished my studies in 2007. I studied through CCNA and CCNP in the Cisco Network Academy. This was for Routing and Switching.

I have worked at my local ISP since 2008.

I manage, configure and design current and new business customer networks.

Emphasis is on the Security and more specifically in Firewall and VPN services.

I've worked with PIX, ASA and FWSM.

Also used some C6500 and C7600 series devices' VPN modules.

Some of my work requires me to configure our local MPLS network to connect the customer sites together and give them access to different services such as VPN, Datacenter Servers, etc.

Currently I'm mostly working on migrating environments out of older firewall hardware and software.

I joined the Cisco Support Community to both receive and give help with Cisco devices/configurations.

I pretty much only participate in the Security section of the CSC, and there mainly in the Firewall and VPN sections.

I find that participating in CSC has taught me a lot of small things I had never known about. It also gives me great ideas/opportunities to test network setups that I might not have even thought about if I hadn't heard about them here.

LinkedIn:
fi.linkedin.com/pub/jouni-forss/1b/113/a29/

CSC Top Contributor Interview:
https://supportforums.cisco.com/docs/DOC-37916

  • Cisco Designated VIP, 2015 Security
  • Cisco Designated VIP, 2014 Security
  • Cisco Designated VIP, 2013 Security

Jouni Forss's Stats

Points 10850
Discussion started 41
Answers marked as Correct 1625
Endorsed 21
Content Rated 22