I can hardly believe it. ASA 9.4 has added proper PBR support.
Policy Based Routing
Policy Based Routing (PBR) is a mechanism by which traffic is ...
I have a development network that functions through another router inside the network. That internal dev network cannot reach the internet; however, you can ping, telnet, etc. to or from. I include a simple network diagram, sho route, sho ver and sho nat...
Today we updated our ASA 5505 from ASA 6.5xx to ASA 9.24, and as we know around 8.1 the way NAT was done was changed. I was under the impression that the ASA would "convert" most of the rules, and I figured I would have to recreate some of them that ...
Just wonder if there is such a thing as "TAC Recommended FTD Version"? I used http://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-TAC-Recommended-AireOS.html#anc6 when I was upgrading a WLC cluster and hope t...
Currently I am working on a migration project, where I need to migrate Juniper SRX to Cisco ASA.
I am stuck in the middle of this project, while converting to IPsec VPN.
Please find below details:
1. Juniper has configured route based and pol...
I have a 5585X with 2 WAN interfaces.
One is the OUTSIDE interface which the default route points to.
The other is a VPN interface which I would like to use for Anyconnect VPN sessions.
I have configured PBR to set the next-hop of traffic sourced ...
I'm modeling a simple network in Packet Tracer 7.0:
The IP topology is functioning OK, PC0 can ping Server0 (there is a static route in the router 'Internet' 10.0.0.0 255.0.0.0 203.0.113.47).
Yet, NAT is performed only when a ping is sent...
Does the FPR 9300 running FTD image 6.x pass MPLS traffic in routed mode? In case we have two different ASs, peering on MP-eBGP with inter-AS option B and a FPR device in between, will the FPR allow labelled eBGP to come up and exchange t...
Hi guys, I hope someone can help. I need to do the following actions on the attached ASA
* Block all Internet from LAN
* Block all connections to 10.56.0.0 /16
* Block all connections to 10.57.0.0 /16
* Allow connections from LAN to 10.56.40.195/32,...
I want to order ASA 5515 with FirePOWER.
Did the new order include free 1 year licence for any FirePOWER feature, or should I purchase automatically licence?
What is the minimum subscription recommended?
Hi, does anyone know if it is possible to span out decrypted traffic from FirePower 4110 (mirror port)? Also, does anyone have any good experience of using SSL inspection on FirePower? Any pitfalls to be aware of? Any feedback is much appreciated.
I would like to find out why my ASA 5501 is not loading the saved config when booting up automatically? I have never seen that before on a Cisco device, I have to manually copy start run to reload it once it is up. Thanks in advance.
We are using a Cisco ASA Firewall pair for basic Access List, NAT and Site-2-Site IKEv1 VPN.
The firewall is just sitting there and there has not been any need of configuration change in last 1 year and there won't be any change in configuratio...
Running Firepower Management Center v18.104.22.168
I’m having 2 issues with NMAP and active discovery
First issue: Hosts discovered by NMAP are not being added to the network map. Only hosts discovered by passive discovery exist in the network map. Is t...