02-24-2021 05:06 AM
We have ASAv (version 9 and 3DES license) in the AWS cloud.
We have integrated ASAv with Umbrella by following all the steps described in the Cisco doc.
However, we still see the Umbrella status as UNKNOWN. On Umbrella the policy name is NEW Policy, so we identified that on the ASA it has to be entered with a dash and not an underscore: NEW-Policy.
But even if the policy tag is wrong, does the UNKNOWN status rely on tagging also?
The token, API, certificate: everything is correct.
Umbrella registration: tag: NEW_Policy, status: UNKNOWN, device-id: , retry 0
Umbrella resolver mode: fail-close
Umbrella resolver ipv4: 208.67.220.220 - operational
Umbrella resolver ipv6: 2620:119:53::53 - operational
Umbrella: bypass 0, req inject 0 - sent 0, res recv 0 - inject 0, local-domain-bypass 0
DNScrypt egress: rcvd 174269, encrypt 0, bypass 74269, inject 0
DNScrypt ingress: rcvd 388473, decrypt 0, bypass 88473, inject 0
DNScrypt: Certificate Update: completion 269, failure 0
02-24-2021 07:34 AM
Hi
02-24-2021 07:38 AM
Hello, anyone?
What does the unknown status on ASAv mean? I can't find the HTTP code either.
02-24-2021 08:07 AM
Hi Skywalker_007,
I haven't done it myself, but I would expect "unknown" to mean it's not reachable or there is inspection blocking the flow, such as the SFR module. I can see the guide for configuring the connection advising to exclude ports 53 and 443 to the Umbrella IPs.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa912/configuration/firewall/asa-912-firewall-config/access-umbrella.html
I hope this helps.
Kind Regards
Taqi Al-shamiri
02-24-2021 10:00 AM
Hi,
Does ASAv have Firepower?
Because SFR is for Firepower.
02-24-2021 10:58 AM
Hi Skywalker_007,
Apologies for my previous response, as I assumed it's an ASA X series, which has the module. ASAv, as stated in your case, doesn't have a module. Therefore, the SFR section doesn't apply to your scenario. However, checking the connectivity reason could be a good start to troubleshooting your issue.
Hopefully someone else might have a better idea on the possible reasons for this issue.
02-24-2021 06:17 PM
I changed the tag to the correct one;
I can now see the status as
Umbrella registration: tag: VPN, status: 400 BAD REQ, device-id: , retry 0
I matched the API token and it is the same.
For ASAv, I generated a token under the option Legacy Network Devices in Umbrella as per the Cisco documentation.
I can't figure out why it does not work or integrate.
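An added example (not from the thread and not Cisco's own tooling) that parses the ASA Umbrella status output pasted above and flags the conditions the thread raises: an underscore in the tag, an UNKNOWN or 4xx/5xx registration status, an empty device-id, and DNS traffic that is received but never encrypted. The interpretations of those fields are assumptions drawn from the thread, not from Cisco documentation.

```python
import re

# Constructed sample: the "show" output pasted in the first post of the thread.
SAMPLE_STATUS = """\
Umbrella registration: tag: NEW_Policy, status: UNKNOWN, device-id: , retry 0
Umbrella resolver mode: fail-close
Umbrella resolver ipv4: 208.67.220.220 - operational
Umbrella: bypass 0, req inject 0 - sent 0, res recv 0 - inject 0, local-domain-bypass 0
DNScrypt egress: rcvd 174269, encrypt 0, bypass 74269, inject 0
DNScrypt ingress: rcvd 388473, decrypt 0, bypass 88473, inject 0
DNScrypt: Certificate Update: completion 269, failure 0
"""

REG_RE = re.compile(
    r"Umbrella registration: tag: (?P<tag>[^,]*), status: (?P<status>[^,]*),"
    r" device-id: (?P<dev>[^,]*), retry (?P<retry>\d+)")
EGRESS_RE = re.compile(r"DNScrypt egress: rcvd (\d+), encrypt (\d+), bypass (\d+)")


def parse_umbrella_status(text):
    """Pull the registration and DNScrypt egress fields out of the show output."""
    info = {}
    for line in text.splitlines():
        m = REG_RE.search(line)
        if m:
            info.update(tag=m["tag"].strip(), status=m["status"].strip(),
                        device_id=m["dev"].strip(), retry=int(m["retry"]))
        m = EGRESS_RE.search(line)
        if m:
            info["egress_rcvd"], info["egress_encrypt"], info["egress_bypass"] = map(int, m.groups())
    return info


def diagnose(info):
    """Return human-readable findings; the rules are assumptions taken from the thread."""
    findings = []
    if "_" in info.get("tag", ""):
        findings.append("tag uses an underscore; the thread found the ASA tag must use a dash")
    status = info.get("status", "")
    if status == "UNKNOWN":
        findings.append("status UNKNOWN: no registration reply recorded yet")
    elif status[:1] in ("4", "5"):
        findings.append(f"registration rejected by the API with {status}")
    if not info.get("device_id"):
        findings.append("device-id is empty: the device is not registered with Umbrella")
    if info.get("egress_rcvd", 0) and info.get("egress_encrypt") == 0:
        findings.append("DNS seen but nothing encrypted: all queries bypass Umbrella")
    return findings
```

Running `diagnose(parse_umbrella_status(SAMPLE_STATUS))` on the first post's output reports all four conditions; the later "400 BAD REQ" line clears the underscore finding but still shows the rejected registration and empty device-id.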