Network Security

Can't ping ASA from end device via IPSEC Tunnel

Hi, I have 3 sites, A, B, and C. A - Would be the HUB.B - Spoke - WorkingC - Spoke - Not working. From site A end device I can ping the ASA from site B, but I can't ping site C even with the same configs and tunnels are up I still can't ping ASA site...

Phase 2 Mismatch Error

Getting this error on a production site to site VPN when it comes with a Phase 2 mismatch (see attached config): %ASA-4-106023: Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:d...

Resolved! Firepower cluster dc-dr

Hi Guys, I have a firepower cluster, 2 on DC and 2 on DR connected through a nexus switch ( dark fiber) , i am getting mac flapping on the nexus , the Site ID on the chassis is both different. Can anyone advise please

FMC/FTD VPN Question

HIIf the other end of the VPN isnt allowing an IP address could it cause the Drop below, I run a Packet-Tracer and it says VPN drop, the rule for our IP address is identical with exsiting VPN's I'm scratching my head,so do both peers ahve to match o...

Resolved! Firepower 1140 AnyConnect connection failure

Hi,teams I'm new to ASA and replacing an old ASA5516 with Firepower 1140 as VPN Gateway with AnyConnect.The VPN configuration for AnyConnect is the same as on ASA5516.When I attempt to connect VPN by using AnyConnect, It failed.This is what syslog sa...

Resolved! Loss of communication through ASA 5516 Firewall

We are experiencing communication loss issues to destinations behind our firewall. These packet losses are not constant but they happen quite frequently.We analyze the firewall logs and observe messages indicating an IP conflict on the outside inter...

Resolved! ASA is not encapsulating from IPSEC

I have a tunnel (ASA <> Meraki) tunnel is up and I can verify both ends.Problem is that, IPSEC from ASA can't encapsulate any packets but can decapsulate.

ASA S2S VPN to AWS - The decapsulated inner packet doesn't match the negotiated policy in the SA

Hi guys,I have an S2S VPN between an ASA 5506 (9.8) and AWS VPC that's partially working.Office network: 192.168.0.0/24 | AWS network: 172.30.0.0/16 and 172.31.1.0/24The tunnel has been created via ASDM, these days I'm almost not working with tunnels...

Resolved! FTD - Change AnyConnect port

Hi, How can I change the default TCP 443 port for AnyConnect clients connections to a different port? This port is already in use by another server accessible from the outside. I'm using the FMC. Thanks.

DHCPD issue with Firepower 7.0.1-7.1.0

So i have been deploying cisco FDM managed firewalls. I noticed an interesting bug with DHCP and 7.x code. If install a config via a backup, configure via API and upload a config, or deploy a template to a 7.x code using CDO to the firewall it botch...

Internet Access 5515-X ASA

I setup Cisco ASA 5515-X I can ping inside the network but still can't ping outside. I am using a AT&T modem/router utilizing IP Passthrough to send the outside IP directly to the ASA has a /23 subnet. Configured default route: route outside 0.0.0.0 ...

Resolved! I can't ping from ASA to directly connected device.

Hi, ASA (10.10.10.1 255.255.255.0) >> Windows Device (10.10.10.10 255.255.255.0) Ping won't work (I already disabled the firewall from Windows) Windows Device (10.10.10.10 255.255.255.0) >> ASA (10.10.10.1 255.255.255.0) Ping works. I already added...

Resolved! ASA 5545X Logging Error

Hello Everyone,I am getting a logging error 414002 in my ASA. I see that disk0:/syslog is full of files on some of my ASA's and some have zero files int the disk0:/syslog. Here are the error message(s) I am getting. They are similar, but just a littl...

Resolved! Does the appliance have an SSD Installed

I'm remotely trying to re-image an ASA5525-X and looking to put FTD code on it. But am unsure if the appliance has an SSD in it. I have captured the output from cli from some info on the forum suggested. Does the output in the attached with 'show inv...

Resolved! Replacing primary ASA in H/A pair

Hey folks! This weekend I will be replacing the primary ASA in my H/A pair of 5585Xs. What I mean by primary, is when I originally configured H/A, this unit was marked as the primary unit, and the other was the secondary. Is there anyone here who w...

Network Security

Forum Posts

Can't ping ASA from end device via IPSEC Tunnel

Phase 2 Mismatch Error

Resolved! Firepower cluster dc-dr

FMC/FTD VPN Question

Resolved! Firepower 1140 AnyConnect connection failure

Resolved! Loss of communication through ASA 5516 Firewall

Resolved! ASA is not encapsulating from IPSEC

ASA S2S VPN to AWS - The decapsulated inner packet doesn't match the negotiated policy in the SA

Resolved! FTD - Change AnyConnect port

DHCPD issue with Firepower 7.0.1-7.1.0

Internet Access 5515-X ASA

Resolved! I can't ping from ASA to directly connected device.

Resolved! ASA 5545X Logging Error

Resolved! Does the appliance have an SSD Installed

Resolved! Replacing primary ASA in H/A pair

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

FMCv 7.2.5.1: High CPU load - how to troubleshoot?

Cisco FTD Migration from 4100 to 4245

My CSLU(Cisco Smart License Utility) can't login into Cisco.

same question, same issue, Intervlan routing not possible at FTD

Migrate from FMC virtual 300 to FMC virtual

FTD and FMC backup creating a sf-storage folder

Route Based VPN FTD

Multi instance 3120 FTD - Each instance in different FMC Domain

FDM DHCP Relay

Need expert help with Firepower intervlan routing