Resolved! fail to secure state
Is there a way to configure the ASA 5555X to fail to a secure state upon a failure?
Forum Posts
Hello I have two site linked by VPN with ASA 5525-X.In site A we have management network (172.16.30.0/28) where we have management ip of ASA 5525-X IPS (.172.16.30.14) and IPS (.172.16.30.13). The IPS has a default gateway interface vlan ip of bakbo...
Is there a way to restrict ICMP for the management interface of an FTD? I see how to restrict ICMP to the data-plane interfaces of the FTD and also how to restrict ssh access to the management interface of the FTD, but didn't see how to restrict ICM...
Hello AllWe are required to connect to one of our clients network. That is mostly over their L3 switches. The purpose to connect client is for log analysis. Have attached a indicative diagram showing possible connection we have on offer. The client i...
We switched (pure routing changes) from a pair of ASA5585 to FP4115 v7.0.2 w/ Snort 3, everything was running fine and then all of sudden nothing can pass through FTD. FTD syslog is normal, ASP drop is normal.We do find that the Snort has been restar...
Resolved! Only allow subnet to internet
Hi all, hoping to get your guidance here... hopefully, i am in the correct forum.how can i build an ACL to only allow a subnet to internet and no where else within the network?i have a VLAN xxx that i would like to deny access to everywhere and only ...
I have registered 3 FTD's thus far to FMC 7. We ordered an additional FTD that is not contract associated and when I try to register to the FMC all I get is a "Detected registration type supported by device" message and it never registers. I can't op...
We are running Virtual FMCs pair (FMCv) and currently we have license for managing 10 devices (SF-FMC-VMW-10-K9). However, we need to increase the license as our managed devices are more than 10. My questions is that can we add another 10 devices li...
Hello,I have several problems with Cisco Threat Intelligence. I want to block for example several ASN. I found their IP prefixes but sometimes Threat Intelligence doesn't block all IP prefixes in this IP scope so I manually blocked them. Is there any...
Hi All,I have a FPR1010-ASA-K9 which I bought new for my home office to replace a trusty old ASA5505 which served me for many years and I only decided to upgrade as I could finally get more then 100Mb/s internet. Since I have had this device it has a...
Problem: none of my machines in INSIDE interface is able to access internet. I am not able to ping 8.8.8.8 inside interface. What am I missing?ciscoasa# show running-config: SavedASA Version 9.18(1)!service-module 0 keepalive-timeout 4service-module ...
Good morning, I have two FTP 2110s in a HA pair managed by FMC. I am using the KVM version of the virtual FMC software. My upgrade from 6.6.5.2 to 7.0.4 failed (although the Readiness Check ran successfully), the VM became unresponsive. When I restor...
Hi all,we are running asr 1006 for cgnat and pilicing asi ISG (broadband)Authorisation is done via radius that is connected with our crm. (subscriber session authorisation)But last time we are receiving thousands of authorisation requests from 1-2 ma...
Hello, We need to migrate an ASA 5585-X to a FTD with about 1000 AnyConnect users. Authentication is done with both client certificates and Azure MFA. I am looking for some help with the steps required for doing this. I am guessing that I need to ins...
Connection timeout exception while trying to connect from encore to FMC server( command: ./encore.sh test). can you please let us know if any changes to make in estreamer.conf
