Thanks Rob, I created this lab and you helped me out with a few things. I was missing the command that enables any-connect on the outside interface. Now, I entered these commands it works for me. Much appreciated, man!!!
Love your videos man! Thank you so much for producing such a great content! Those ASA/Security videos you are bringing up are inducing me to continue with my plan to study for CCNA Security. By the way...a friend of mine told that if i wanted to work in the security area, Cisco would be my last option to get certified on...what are your thoughts upon that? I love how ASA works and honestly, i love cisco, so that idea, just don't fit in my mind lol. PS: I'm also looking forward for you CCNP Troubleshooting videos (It's the last exam i need to take to get my CCNP completed)
Awesome! I'm glad you like them. I will be learn/testing new stuff and then recording as I go, so bank on a lot of content to come out over time. I don't know where they came up with that, but to each their own i guess. ASA is an interesting platform, I normally wouldn't start with ASA RA VPN, I would typically finish up with IOS Security, layer 2 and 3 and then hit ASA, but I have several projects I need to rollout with ASA. I will be wrapping up CCNP Switch in the near future, then it's on to TShoot. Tshoot will be heavily scenario based, since most tshooting I do is surrounded by that.
I just started to learn security, but I know that when you conf the int on asa you are not able to ping from low security level to the high security level. So I am missing that part in my lab, I am able to connect outside pc with vpn but I can't access inside network, any suggestion? Thank you
first thing you will need to do is add "inspect icmp" to the global policy map policy-map global_policy class inspection_default inspect icmp For low to high security level traffic from the outside, you'll need to permit that traffic in an ACL from low to high. What kind of RA VPN are you using SSL or Anyconnect? How you access internal stuff varies from there.
NAT is optional, but very commonly used. The endpoint I was connecting to didn't need internet access. If the endpoint did need internet access, then NAT exemption would have been implemented.
This was confusing. I left after the second "oops" at @21:00. Why not just redo the video and stream line it. Trying to give access from outside world and now I think I've screwed things up I'll have to unwind.
Okay dude, you obviously know what you are doing. I have just one tip for you. The next time you record any of these how to videos, you run through them a few times, or at least have cue cards to keep you focused. These vocal pauses are a bit distracting.
I updated the video, edited it, removed some content that wasn't necessary, thanks to all for your feedback, it helps me make better content!
Thanks Rob, I created this lab and you helped me out with a few things. I was missing the command that enables any-connect on the outside interface. Now, I entered these commands it works for me. Much appreciated, man!!!
Well done!
Love your videos man! Thank you so much for producing such a great content!
Those ASA/Security videos you are bringing up are inducing me to continue with my plan to study for CCNA Security.
By the way...a friend of mine told that if i wanted to work in the security area, Cisco would be my last option to get certified on...what are your thoughts upon that? I love how ASA works and honestly, i love cisco, so that idea, just don't fit in my mind lol.
PS: I'm also looking forward for you CCNP Troubleshooting videos (It's the last exam i need to take to get my CCNP completed)
Awesome! I'm glad you like them. I will be learn/testing new stuff and then recording as I go, so bank on a lot of content to come out over time.
I don't know where they came up with that, but to each their own i guess. ASA is an interesting platform, I normally wouldn't start with ASA RA VPN, I would typically finish up with IOS Security, layer 2 and 3 and then hit ASA, but I have several projects I need to rollout with ASA.
I will be wrapping up CCNP Switch in the near future, then it's on to TShoot. Tshoot will be heavily scenario based, since most tshooting I do is surrounded by that.
Rob Riker I'm looking forward then!! Thank you for the reply!
Hi thanks for ur video. I plan use vpn site to site. I have 20 brand and need brand to access head office. Which vpn should for me?
Thanks for this video! Very good. But, can you tell me if there´s a way without having ISE to the user change own password?
Is there a way to get Anyconnect users to pull DHCP from an internal DHCP Server and not the router?
I believe so, I'd have to look on how. I've done DNS internally before, but not DHCP.
What about interfaces on ASA did you configure them?
CCNA NEW yes, but via the cli
I just started to learn security, but I know that when you conf the int on asa you are not able to ping from low security level to the high security level. So I am missing that part in my lab, I am able to connect outside pc with vpn but I can't access inside network, any suggestion? Thank you
first thing you will need to do is add "inspect icmp" to the global policy map
policy-map global_policy
class inspection_default
inspect icmp
For low to high security level traffic from the outside, you'll need to permit that traffic in an ACL from low to high. What kind of RA VPN are you using SSL or Anyconnect? How you access internal stuff varies from there.
Rob Riker I have set up AnyConnect Vpn with SSL options, but you right I have to allow the traffic from low to high with this ipcm inspect command
One more question, which is the best way to conf the interfaces> int VLAN x or just int g0 for example?
I think, you missed to add NAT configuration part in the Video.
NAT is optional, but very commonly used. The endpoint I was connecting to didn't need internet access. If the endpoint did need internet access, then NAT exemption would have been implemented.
Hi.. From where can i download the AnyConnect Package file ?
Cisco.com
Is it free or partnership is reqd?
This was confusing. I left after the second "oops" at @21:00. Why not just redo the video and stream line it. Trying to give access from outside world and now I think I've screwed things up I'll have to unwind.
I updated the video, edited it, removed some content that wasn't necessary, thanks for your feedback, it helps me make better content!
Can the split-tunneling be done through asdm?
Yep, I don't remember the exact navigation off hand. But if you're under Client VPN, it can be done, you can reference an ACL when you configure it.
@@RobRikerTechChannel Thanks..
I wanted to ask you something on a VPN LDAP Config. How can I contact you?
post publicly so everyone can take advantage of the Q&A
Okay dude, you obviously know what you are doing. I have just one tip for you. The next time you record any of these how to videos, you run through them a few times, or at least have cue cards to keep you focused. These vocal pauses are a bit distracting.
I updated the video, edited it, removed some content that wasn't necessary, thanks for your feedback, it helps me make better content!
🤦🏻♂️