- add asdm URL to Exception Site List in Java Control Panel
- add asdm URL to Compability View Settings in Internet Explorer
Nice guide here.
– make sure you have defined user on ASA with privilege 15
– make sure you have ssh scopy enable configured
– on your linux host enter pscp -pw <password> <filename> <username>@<ASA IP>:<location/filename>
something like: pscp -pw THISisp4ssw0rdf anyconnectfile.pkg firstname.lastname@example.org:disk0:/anyconnectfile.pkg
if you want to use scp with password prompt use: scp anyconnectfile.pkg email@example.com:disk0:/anyconnectfile.pkg
Simple configuration in GNS3 won’t work. All I get from debug is:
went from nsf_not_active to nsf_not_active
The solution is quite simple: under BGP process and neighbor statement add “disable-connected-check“
How to see if your router is under heavy VPN traffic? Configure netflow export and enter following command:
router# sh ip cache flow | i _32_.+
Recently I had a situation where customer asked me to configure remote access VPN on his old Cisco 871. Configuration was quite simple but I had problem with connecting iPhone to his network.
The solution is quite simple: apparently Apple doesn’t like 3des so I had to configure transformset like this:
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
my customer is peering with 2 ISP’s and has configuration with 2 BGP routers mutually connected with iBGP.
routers are reciving full tables from ISP’s and has 4 byte AS (XXXXXX).
recently we noticed that BGP session between customer and ISP2 is constantly flapping each 3 minutes. logs didn’t show anything useful
%BGP-4-MSGDUMP: unsupported or mal-formatted message received from X.X.X.X
I searched cisco forums and tried to isolate problem by inserting hidden command “neighbor X.X.X.X dont-capability-negotiate”.
%BGP-3-NOTIFICATION: received from neighbor X.X.X.X active 2/2 (peer in wrong AS) 2 bytes 5BA0
by reading this article I assumed that ISP is announcing itself with wrong AS.
problem was finally solved by entering command in global configuration mode (and removing dont-capability-negotiate)
ip tcp mss 1440
To learn something more about TCP MSS go here.