skywalker_007
Beginner

Integration ASAv with umbrella

We have ASAv (version 9 in and 3DES license) in AWS cloud.

We have integrated ASAv with Umbrella by following all the steps described in the Cisco doc.

However, we still see the Umbrella status as UNKNOWN. On Umbrella the policy name is NEW Policy, so we identified that on ASA it has to be put with a dash and not an underscore: NEW-Policy.

But even if the policy tag is wrong, does the UNKNOWN status rely on tagging also?

The token API, certificate, everything is correct.

 

Umbrella registration: tag: NEW_Policy, status: UNKNOWN, device-id: , retry 0
Umbrella resolver mode: fail-close
Umbrella resolver ipv4: 208.67.220.220 - operational
Umbrella resolver ipv6: 2620:119:53::53 - operational
Umbrella: bypass 0, req inject 0 - sent 0, res recv 0 - inject 0, local-domain-bypass 0
DNScrypt egress: rcvd 174269, encrypt 0, bypass 74269, inject 0
DNScrypt ingress: rcvd 388473, decrypt 0, bypass 88473, inject 0
DNScrypt: Certificate Update: completion 269, failure 0

6 REPLIES

Hi

skywalker_007
Beginner

Hello, anyone?

What does the unknown status on ASAv mean? I can't find the HTTP code also.

 

takiadeen
Beginner

Hi Skywalker_007. 

I haven't done it myself, but I would expect the unknown to mean it's not reachable or there is inspection that is blocking the flow, such as the sfr module. I can see the guide for configuring the connection advising to exclude port 53 and 443 to the Umbrella IPs.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa912/configuration/firewall/asa-912-firewall-config/access-umbrella.html

I hope this helps. 

 

Kind Regards

Taqi Al-shamiri 

Hi ,

 

Does ASAv have Firepower?

Because sfr is for Firepower.

 

 

Hi Skywalker_007,


Apologies for my previous response, as I assumed it's an ASA X series, which has the module. ASAv, as stated in your case, doesn't have a module. Therefore, the sfr section doesn't apply to your scenario. However, checking the connectivity reason could be a good start to troubleshooting your issue.

 

Hopefully someone else might have a better idea on the possible reasons for this issue.  

 

 

 

I changed the tag to the correct one.

I can now see the status as:

Umbrella registration: tag: VPN, status: 400 BAD REQ, device-id: , retry 0

 

I matched the API token and it is the same.

For ASAv, I generated a token under the option Legacy Network Devices in Umbrella as per Cisco documentation.

I can't figure out why it does not work or integrate.
