I upgraded all my firewalls from 9.4 to 9.8(4)12. They are running in single context routed mode. I disabled the rest-api agent, as per the upgrade instructions, while doing the upgrade. After upgrading the OS, I upgraded the Rest API package to asa-restapi-7131-lfbff-k8.SPA. the file passes the verification check. Cisco Don't seem to have bothered to update any of the guide docs for this version
I have enabled the api again with no errors, but it does not work properly. I have two primary problems:
It no longer works with TACACS, where as it previously did. The TACACS server has the enable_1 user, as required. If I disable TACACS and only do local auth for http I can authenticate, but the API does not work properly. It doesn't seem to pass the username and password through correctly from the Rest API agent web server to the aaa process. The tacacs logs just show password incorrect. it definitely is not, as I log in to ssh with the same password.
Another example of weirdness: If I go to the https://firewall/doc/ I get a skeleton page with no information populated.
If I try and use the RESTClient addon for Firefox to get a page, even with the basic auth authentication set, I just get a response page asking for my credentials.
I am trying to solve a CSR signing issue in a home lab.Can someone clarify this theoretical point? According to Wikipedia: "Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The...
Threat Response integrates with Cisco's Web Security Appliance (WSA) to provide visibility into web-bourne threats. By adding a Web Security or SMA Web module to Threat Response, investigators will be able to search for domains, URLs, and file hashes th...
I was helping some friends and they were trying to solve a scalable VPN issues, specially these days with the pandemic situation.
I recommended to implement ASA VPN Load-Balancing.
This will allow to keep 1 FQDN for all RA-VPN users an...
Purpose of this article is to share our experience during that Covid-19 period where we were able to successfully setup a VPN configuration for remote worker using Alcatel 8068S phones with FTD 2110 running 188.8.131.52.I would like to thank all of my colleagu...