Pablo

Member Since: May 18, 2008

English
Pablo commented on anyconnect access site-to-site VPN in branch office problem in VPN 4 weeks ago

Hi Massimo, Since your Inside interface is not used as egress for any NAT there shouldn't be any...

Pablo commented on Cisco Firewall Overlapping Internal Network Issue in Firewalling 1 month ago

Hi, Yeah you need another device in between, it's not possible to configure 2 firewall interfaces...

Pablo commented on anyconnect access site-to-site VPN in branch office problem in VPN 1 month ago

Massimo, Configuration wise the VPN looks in good shape. I don't see how the u-turning NAT exempt...

Pablo commented on ASA RMA with Firepower on SSD in Intrusion Prevention Systems/IDS 1 month ago

Hi Peter, Here you go: Installation Procedure. Backup and Restore. HTH. Pablo

Pablo commented on Can we publish a web server to internet from another subnet? in Firewalling 1 month ago

Hi, As long as each country can reach the 10.1.x.x subnet; you should be able to publish the server...

Pablo commented on ASA 5506 - Another ASDM stuck at 17% or Unable to load the firewall's config in Firewalling 1 month ago

Hello, This is likely related to defect CSCuw54048 You can either access the ASDM from a host...

Pablo commented on vms unable to access internet via ASA 5505 in Firewalling 1 month ago

Joe, The main problem I see in your configuration is that you defined all your NAT entries as (any,...

Pablo commented on ASA RMA with Firepower on SSD in Intrusion Prevention Systems/IDS 1 month ago

Peter, Unfortunately SSD drives can't be natively swapped on the ASA. You have to re-partition and...

Pablo commented on anyconnect access site-to-site VPN in branch office problem in VPN 1 month ago

Hi Massimo, Can you provide a sanitized copy of the configuration from the 2 sites? __ __Pablo

Pablo commented on VPN Redundancy in VPN 1 month ago

Hi Simon, If you're working with the legacy crypto map configuration then you can implement the...

Pablo commented on Send ASA5505 logs to Kiwi syslog server in Firewalling 1 year ago

Hi Shaun,Can you paste the output of "show run logging"?Thanks.__ __Pablo

Pablo commented on Site-to-Site VPN cannot UP in VPN 1 year ago

Hi Kevin,Your ACL statements for NAT and interesting traffic need a little tweaking:On site A you...

Pablo commented on Configuring port triggering on the ASA 5505 in Firewalling 1 year ago

Hi,Unfortunately Pre-8.3 code you can't create a port trigger for a range of ports, the only...

Pablo commented on ASA 5505 - Access Rule issue in WAN, Routing and Switching 5 years ago

Hi Marco, I tried this on my ASA but had no problems at all,ASA(config)# show run access-listaccess...

Pablo commented on ACE with SSL with One ARM deployment in Application Networking 6 years ago

Cody,When dealing with virtualization ACE hardware resources are allocated to individual contexts...

Pablo commented on ACE - 4710 : NAT return traffic in Application Networking 6 years ago

Hi Thibault,I don't think you want to NAT the returning traffic from your servers with a different...

Pablo commented on ACE with SSL with One ARM deployment in Application Networking 6 years ago

Hi Cody,Did you already assign the resources for the Context in question?Is HTTP working fine?__...

Pablo commented on ACE class-map match url syntax in Application Networking 6 years ago

Adam, Shday,My bad please try config below:rserver redirect OWA  webhost-redirection https://%h/owa...

Pablo commented on ACE class-map match url syntax in Application Networking 6 years ago

Adam and Shday,I'll give you a hand on this =)Adam we can solve your problem only if you're doing...

Pablo commented on ACE backup-server and sticky in Application Networking 6 years ago

Hi Danilo,If your primary rserver goes down the sticky entries associated with that server will be...

Pablo commented on CCSP / CCNP Security in Certifications 6 years ago

Rodrigo,This information may help you."To address your concerns regarding the CCSP to CCNP Security...

Pablo commented on CCSP Security...Half way through and Cisco changes things again. What to do. in Certifications 6 years ago

Hi all,I think this post comes to clear the air and bring the peace back to the galaxy "To address...

Pablo commented on CSS11501S-C-K9 in Other Data Center Subjects 6 years ago

Hi Edmundo,Welcome!What exactly you mean by performance? LB performance, CPU performance?Perhaps...

Pablo commented on Configure 2811 terminal server in Remote Access 6 years ago

Hi Bruce,I'm pretty sure this post should help to get you on the right track.https://supportforums....

Pablo commented on Configure 2811 terminal server in Remote Access 6 years ago

Hi Bruce,I'm pretty sure this post should help to get you on the right track.https://supportforums....

Pablo commented on Need help with initial ACE 4710 config in Application Networking 6 years ago

Sweeeet! Great to hear the info was useful to get things on the right track Have a nice one!__ __...

Pablo commented on ACE failover and preempt in Application Networking 6 years ago

Glad to help buddy Have a great one!__ __Pablo

Pablo commented on CSS Service Down - Why? in Application Networking 6 years ago

Glad you upgraded... a reboot would've been just a temporary solution when it comes to keepalive...

Pablo commented on CSS Service Down - Why? in Application Networking 6 years ago

Hi,When you say "I can reach it fine directly and from the CSS." I'm assuming you mean ICMP reach...

Pablo commented on Need help with initial ACE 4710 config in Application Networking 6 years ago

Dave,Yup the configuration lines on the module and the appliance are indentical, I think more of...

Pablo commented on Need help with initial ACE 4710 config in Application Networking 6 years ago

Morning Dave,Gotcha, you're looking for something like thishttp://docwiki.cisco.com/wiki/...

Pablo commented on ACE failover and preempt in Application Networking 6 years ago

Hi Niklas,Sorry I overlooked the part where you mentioned tracking was required.Yup this possible,...

Pablo commented on CSM-SSL, can't import certificate in Application Networking 6 years ago

Awesome! Glad to be of help =)Have a good one!__ __Pablo

Pablo commented on Need help with initial ACE 4710 config in Application Networking 6 years ago

Hi Dave,If you have a one-armed design then you require Source NAT to get things workingpolicy-map...

Pablo commented on CSM-SSL, can't import certificate in Application Networking 6 years ago

Hmmm weird,Are you using the quit command after copying/pasting public and private key?SSLM-1(...

Pablo commented on CSM-SSL, can't import certificate in Application Networking 6 years ago

Hey Buddy,My best guess according to your description is that the keys on your ACE modules were...

Pablo commented on What do I need for Cisco ASA Specialist? in Certifications 6 years ago

Hi Todd,Perhaps you can clear up a couple of questions...What's going to happen with this...

Pablo commented on ACE failover and preempt in Application Networking 6 years ago

Hi Niklas,Yes you can achieve this on the ACE if you disable preemption from FT groups so that when...

Pablo commented on CCSP Security...Half way through and Cisco changes things again. What to do. in Certifications 6 years ago

Marcos,Totally agree with you! Cisco has a tendence to renew their certifications but at the same...

Pablo commented on CSS - Sticky via HTTP Header in Application Networking 6 years ago

Hi Norberto,Sure the CSM is also able to stick clients based on HTTP header, here is a config...

Pablo commented on Unable to ping VIP and VIP not in ARP in Application Networking 6 years ago

Sweeet! Glad to help =)__ __Pablo

Pablo commented on CSS - Sticky via HTTP Header in Application Networking 6 years ago

Hi Norberto,This is a basic configuration for stickiness based on HTTP headers.sticky http-header...

Pablo commented on Unable to ping VIP and VIP not in ARP in Application Networking 6 years ago

Jeff,Your VIP should be a /32 mask IP and that's the default on the ACE, try to rewrite your VIP...

Pablo commented on Unidirectional / Variable NAT on ASA in Firewalling 6 years ago

Hi Walter,I think what you need here is NAT exemption which allows a connection through the...

Pablo commented on Unable to ping VIP and VIP not in ARP in Application Networking 6 years ago

Jeff,Can you get a full show running from the Admin context (showing interface config), also get...

Pablo commented on Unable to ping VIP and VIP not in ARP in Application Networking 6 years ago

Hi Jeff,Seems like you didn't apply the ACL to permit the traffic to flow through the ACE, the ping...

Pablo commented on ACE Sticky Question in Application Networking 6 years ago

Hi John,This configuration would only work only if you're doing SSL offloading on the ACE, you don'...

Pablo commented on ACE VIP & ACL in Application Networking 6 years ago

Hi Ivan,Agree with you about the L7 inspection but in this case we're just doing L3 inspection so...

Pablo commented on SSL/TLS Handshake Failure with SSL Termination in Application Networking 6 years ago

Hi,The configuration looks in good shap, the only thing that seems to be misconfigured is the PAT...

Pablo commented on Strange Issue with ACE Cookie Stickiness - HTTP 503 Service Unavailable in Application Networking 6 years ago

Hi,As UHansen1976 mentioned this kind of issues are most of the times related to parse-length...

Bio












Pablo's Stats

Points237
Discussion started 0
Answers marked as Correct 23
Endorsed 0
Content Rated 3