I upgraded all my firewalls from 9.4 to 9.8(4)12. They are running in single context routed mode. I disabled the rest-api agent, as per the upgrade instructions, while doing the upgrade. After upgrading the OS, I upgraded the Rest API package to asa-restapi-7131-lfbff-k8.SPA. the file passes the verification check. Cisco Don't seem to have bothered to update any of the guide docs for this version
I have enabled the api again with no errors, but it does not work properly. I have two primary problems:
It no longer works with TACACS, where as it previously did. The TACACS server has the enable_1 user, as required. If I disable TACACS and only do local auth for http I can authenticate, but the API does not work properly. It doesn't seem to pass the username and password through correctly from the Rest API agent web server to the aaa process. The tacacs logs just show password incorrect. it definitely is not, as I log in to ssh with the same password.
Another example of weirdness: If I go to the https://firewall/doc/ I get a skeleton page with no information populated.
If I try and use the RESTClient addon for Firefox to get a page, even with the basic auth authentication set, I just get a response page asking for my credentials.
As of June 2020, the Cisco ISE pxGrid App for QRadar Ver 1.1.0 is officially Validated and released by IBM, available for download from IBM XFE. Access the link to download app here.
The Cisco ISE pxGrid App V1.1 supports Cisco Identity Se...
i have an ip that is part of our internal network, i configured route map on the core to redirect the traffic to the firewall for further inspection.i checked the firewall logs i can see the traffic is redirect to the firewall successfully. i could ping o...
Hi, 1)May I know wht it means when context visibility Status showing 'disconnected" and '(blank)'?Difference between 'disconnected" and '(blank)'. Since both devices also not connected.I found tht these devices are no longer connected to the swi...
Hi ,I would like to configure multiple public ip (same subnet) on outside interface of ASA.I want to use static NAT for specific purpose.For example i have 8 public IP and I want to use 1 is internet ,1 for VPN ,1 for DMZ server and all ip want to a...
Hi all, Is it a way to retrieve the IPS policies from our IPS Appliance or censor? I have tried to look for a way but I am not able to do so. May I knwo any way can retrieve the policies from the Appliance either from the Appliance itself o...