I have a FirePower 1100 for my home lab and for some reason, it lost DNS connectivity and lost registration. I did not notice and now I can't deploy changes. I connected to the CLI and tried to ping from system. When I try to ping from system I get t...
Hi to all,i am facing the following problem, please refer also to the png attached (i also have some information on the png attached).An IPsec VPN 2811 router tries to establish an IPSec vpn with an FTD. I have setup this config on the lab and i noti...
Hi to all,i was trying to find why the the vpn between an FTD and a cisco router could not come up and concluded to this:When i create the S2S VPN PtP topology if i just add the protected networks, the tunnel does not come up.For example if behind th...
Hi everyone,I have this basic scenario:(LAN) --------- (ASA) ---------- (DSL Router) ---------- (Internet)I am able to ping the DSL Router from the LAN but not vice versa. Is it a common case with the ASA deployed in between or am I missing something...
Hi All,Need your suggestion is fixing the login to ASDM. Getting Login Failed error even the same password works for SSH and also to download the launcher from https://ipaddress/admin. But when i login from ASDM getting Login failed error.I went thro...
hi Cisco,I am using below topology in my lab where ASA in multiple context - C1 and C2 sharing the same physical interface, in different VLANs (sub interface) is not able to establish EIGRP neighborship with 2 cisco routers (point to point). Although...
how can we change the management IP in FTD by FDM (locally managed)?
Hello Folks, I have a pair of ASA5516 with HA mode, ISP provides a high-speed WAN 500Mbps up/download, while doing some speed tests recently we noticed that all our tests from the inside network are not bypassing 100mbps, I checked all inside/outside...
During the FTD HA upgrade from FMC, if first standby is failed /corrupted during the upgrade ,will FMC will try to upgrade other devices in the failover pair or will abort the upgrade?.
I have a new isp on a 2nd outside interface. I would like to send all traffic from one ip range and only that range out over the new ISP.Currently Here is what I haveinterface GigabitEthernet1/1nameif Outsidesecurity-level 0ip address a.a.a.a 255.255...
Situation:-Server Will have a private IP natted with a public IP from firewallFirewall outside interface will have a public IP of same poolAll incoming traffic on outside interface from internet will be blocked on firewall and only Client IP address ...
After upgrading ASA to version 9.18.4 we are seeing Azure Traffic Manager probes being dropped (or discarded). In the logs we see 'TCP access denied by ACL from <traffic manager IP> to Outside Interface /443' It works fine when reverting back to 9.16...
HiI have created the VTI Interface for this but when I run packet tracer input the VTI I nterface is not in the list of available interfaces to use in packet tracer.??Any ideas anyone Thanks
Hallo,Is there a way to simulate a DoS attack in CML? I am doing a lab on CoPP and an attack is required but I am unable to generate this. Thanks.
Hello everybody, I have a Cisco 2911 that is Certificate Authority for various end hosts, and that deliver certificates to them. I would like to monitor the validity dates of the certificates by SNMP requests. I found this MIB that looked usefull ...
