Pablo

Member Since: May 18, 2008

User Badges:
  • Cisco Employee,

English
Pablo commented on ASA 5505 - DMZ in Firewalling 3 months ago

From the ASA are you able to ping the gateway IP or something outside such as 8.8.8.8 Can you post...

Pablo commented on ASA 5505 - DMZ in Firewalling 3 months ago

That just means they belong to the default vlan 1. Are you able to ping the ASA's Inside IP from...

Pablo commented on ASA reverse nat in Firewalling 3 months ago

Angelo, Assuming that with "reserve nat" you're referring to the NAT control feature then that's...

Pablo commented on ASA 5505 - DMZ in Firewalling 3 months ago

On top of what Philip added, there's no good reason to have "no-proxy-arp" in the port forwarding...

Pablo commented on ASA PBR in Firewalling 4 months ago

Hi, The problem is that you're blackholing the DHCP requests on the clause 30 of your route-maps....

Pablo commented on ASA PBR in Firewalling 4 months ago

Hi, A couple of issues: You need to configure extended ACLs to match under the route-map access-...

Pablo commented on How can Cisco IOS Firewall be used to filter out sites specially youtube (https) in Firewalling 5 months ago

Short answer, you can't block HTTPS with built-in IOS features.  You can explore the following...

Pablo commented on Static route over a VPN tunnel in VPN 5 months ago

Douglas, Nope, that won't work because you're still using the ASA itself as the next hop which is...

Pablo commented on Static route over a VPN tunnel in VPN 5 months ago

Hi Douglas, Neither of the proposed static routes will work because you can't set the next hop of...

Pablo commented on ASA to Nexus NAT not working in Firewalling 5 months ago

Hi, Is this an ASA cluster or a HA failover pair?   Yes ** this was an OR question** These are 2...

Pablo commented on ASA 5505 From DMZ server to Inside server in Firewalling 5 months ago

Hi, If you don't need NAT for that connection then there's really nothing to it, you just need to...

Pablo commented on Access Public IP Address Internally in Firewalling 5 months ago

Hi,This should do the trick for you:nat (Guest,dmz) 1 source static any any destination static 184....

Pablo commented on How to forward ASA DMZ to another router and still NAT? in Firewalling 5 months ago

Hey Matt, Yeah, the NAT should still work after following the steps you outlined. The 3750 will...

Pablo commented on ASA 5505 not using default route in Firewalling 5 months ago

Hi, What's the status of the interface when it's connected to the RV110W? Can you configure an ARP-...

Pablo commented on ASA to Nexus NAT not working in Firewalling 5 months ago

Hi, Is this an ASA cluster or a HA failover pair? Can you ping from the ASA to Server 2? Are you...

Pablo commented on How to forward ASA DMZ to another router and still NAT? in Firewalling 5 months ago

Matt, The introduction of the 3750G shouldn't represent much of a difference for the ASA. I'm...

Pablo commented on VPN Clients gets connected, I can ping from the client's PC to the router and LAN behind it but not the other way around in VPN 6 months ago

Frank, Problem seems to be that you don't have a NAT exemption entry from the local LAN to the VPN...

Pablo commented on anyconnect access site-to-site VPN in branch office problem in VPN 7 months ago

Hi Massimo, Since your Inside interface is not used as egress for any NAT there shouldn't be any...

Pablo commented on Cisco Firewall Overlapping Internal Network Issue in Firewalling 7 months ago

Hi, Yeah you need another device in between, it's not possible to configure 2 firewall interfaces...

Pablo commented on anyconnect access site-to-site VPN in branch office problem in VPN 7 months ago

Massimo, Configuration wise the VPN looks in good shape. I don't see how the u-turning NAT exempt...

Pablo commented on ASA RMA with Firepower on SSD in Intrusion Prevention Systems/IDS 7 months ago

Hi Peter, Here you go: Installation Procedure. Backup and Restore. HTH. Pablo

Pablo commented on Can we publish a web server to internet from another subnet? in Firewalling 7 months ago

Hi, As long as each country can reach the 10.1.x.x subnet; you should be able to publish the server...

Pablo commented on ASA 5506 - Another ASDM stuck at 17% or Unable to load the firewall's config in Firewalling 7 months ago

Hello, This is likely related to defect CSCuw54048 You can either access the ASDM from a host...

Pablo commented on vms unable to access internet via ASA 5505 in Firewalling 7 months ago

Joe, The main problem I see in your configuration is that you defined all your NAT entries as (any,...

Pablo commented on ASA RMA with Firepower on SSD in Intrusion Prevention Systems/IDS 7 months ago

Peter, Unfortunately SSD drives can't be natively swapped on the ASA. You have to re-partition and...

Pablo commented on anyconnect access site-to-site VPN in branch office problem in VPN 7 months ago

Hi Massimo, Can you provide a sanitized copy of the configuration from the 2 sites? __ __Pablo

Pablo commented on VPN Redundancy in VPN 7 months ago

Hi Simon, If you're working with the legacy crypto map configuration then you can implement the...

Pablo commented on Send ASA5505 logs to Kiwi syslog server in Firewalling 2 years ago

Hi Shaun,Can you paste the output of "show run logging"?Thanks.__ __Pablo

Pablo commented on Site-to-Site VPN cannot UP in VPN 2 years ago

Hi Kevin,Your ACL statements for NAT and interesting traffic need a little tweaking:On site A you...

Pablo commented on Configuring port triggering on the ASA 5505 in Firewalling 2 years ago

Hi,Unfortunately Pre-8.3 code you can't create a port trigger for a range of ports, the only...

Pablo commented on ASA 5505 - Access Rule issue in WAN, Routing and Switching 6 years ago

Hi Marco, I tried this on my ASA but had no problems at all,ASA(config)# show run access-listaccess...

Pablo commented on ACE with SSL with One ARM deployment in Application Networking 6 years ago

Cody,When dealing with virtualization ACE hardware resources are allocated to individual contexts...

Pablo commented on ACE - 4710 : NAT return traffic in Application Networking 6 years ago

Hi Thibault,I don't think you want to NAT the returning traffic from your servers with a different...

Pablo commented on ACE with SSL with One ARM deployment in Application Networking 6 years ago

Hi Cody,Did you already assign the resources for the Context in question?Is HTTP working fine?__...

Pablo commented on ACE class-map match url syntax in Application Networking 6 years ago

Adam, Shday,My bad please try config below:rserver redirect OWA  webhost-redirection https://%h/owa...

Pablo commented on ACE class-map match url syntax in Application Networking 6 years ago

Adam and Shday,I'll give you a hand on this =)Adam we can solve your problem only if you're doing...

Pablo commented on ACE backup-server and sticky in Application Networking 6 years ago

Hi Danilo,If your primary rserver goes down the sticky entries associated with that server will be...

Pablo commented on CSS11501S-C-K9 in Other Data Center Subjects 6 years ago

Hi Edmundo,Welcome!What exactly you mean by performance? LB performance, CPU performance?Perhaps...

Pablo commented on Configure 2811 terminal server in Remote Access 6 years ago

Hi Bruce,I'm pretty sure this post should help to get you on the right track.https://supportforums....

Pablo commented on Configure 2811 terminal server in Remote Access 6 years ago

Hi Bruce,I'm pretty sure this post should help to get you on the right track.https://supportforums....

Pablo commented on Need help with initial ACE 4710 config in Application Networking 6 years ago

Sweeeet! Great to hear the info was useful to get things on the right track Have a nice one!__ __...

Pablo commented on ACE failover and preempt in Application Networking 6 years ago

Glad to help buddy Have a great one!__ __Pablo

Pablo commented on CSS Service Down - Why? in Application Networking 6 years ago

Glad you upgraded... a reboot would've been just a temporary solution when it comes to keepalive...

Pablo commented on CSS Service Down - Why? in Application Networking 6 years ago

Hi,When you say "I can reach it fine directly and from the CSS." I'm assuming you mean ICMP reach...

Pablo commented on Need help with initial ACE 4710 config in Application Networking 6 years ago

Dave,Yup the configuration lines on the module and the appliance are indentical, I think more of...

Pablo commented on Need help with initial ACE 4710 config in Application Networking 6 years ago

Morning Dave,Gotcha, you're looking for something like thishttp://docwiki.cisco.com/wiki/...

Pablo commented on ACE failover and preempt in Application Networking 6 years ago

Hi Niklas,Sorry I overlooked the part where you mentioned tracking was required.Yup this possible,...

Pablo commented on CSM-SSL, can't import certificate in Application Networking 6 years ago

Awesome! Glad to be of help =)Have a good one!__ __Pablo

Pablo commented on Need help with initial ACE 4710 config in Application Networking 6 years ago

Hi Dave,If you have a one-armed design then you require Source NAT to get things workingpolicy-map...

Pablo commented on CSM-SSL, can't import certificate in Application Networking 6 years ago

Hmmm weird,Are you using the quit command after copying/pasting public and private key?SSLM-1(...

Bio

User Badges:
  • Badge.
    Cisco Employee

Pablo's Stats

Points282
Discussion started 0
Answers marked as Correct 31
Endorsed 0
Content Rated 3