Hallo,we're setting FPR with ASA Image for VPN remote access. The users will get private IP addresses that are routed in the local LAN, so no NAT in between. As far as I understand now, these IPs are reachable from anywhere in the LAN. How would I se...
Forum Posts
I have got another problem I am trying to solve... When I use this URL to get the access rules for a policy, it gets the rules for its parent as well... “/api/fmc_config/v1/domain/{domain_id}/policy/accesspolicies/{accesspolicy_id}/accessrules?limit=...
Hi I have read a statement same-security-traffic is not applicable on FTD. Traffic between FTD interfaces (inter) and hairpinning (intra) is allowed by default, so i thought multiple interface in same security zone in FTD by default allow Communicati...
Hi,I have to replace a Cisco Firepower Management Center 2000 with a FMC 1600. Cisco does not support this migration path. The FMC is standalone, managing 2 FTDs in HA. Current software version is 6.4.0.14. What would be the best way of the replaceme...
Hi team,I am using the API to create an access policy with the following URL with the POST action. {{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/policy/accesspolicies The data (body in the POST) is like this. The prefilter poli...
Hello everyoneIP have a problem - my FXOS control drops intermittently (see the screens)Only power-off and on helps but not so long, for about 3 monthsI thought there is a bug https://bst.cisco.com/bugsearch/bug/CSCvi87019, but FXOS ver. is 2.8(1.105...
Hello.On an ASA 1120, what is the result of placing on the outside interface, an ACL with a single entry "permit IP any any"?Thank you.
Hi all, I've been playing around with the REST API for FMC today, as I need to test migration from our current ASA Platform. Ideally I'd like to use the API to bulk create subinterfaces, to save me doing it in the GIU (and to ease deployment time). I...
Would this be a legitimate Nat statement on the ASA if I have a router in parallel with the ASA on the same inside subnet? (router also has an IP from "outside" subnet). It is in parallel to take VPN load off ASA.nat (inside,inside) 1 source static i...
TAC has said that this is a bug in version 6.7 and an update is required. This behavior shown is a cosmetic error and has no real impact on your devices. It happens because of depricated features on version 6.7 This is described on the bug: https://b...
Hi,Since 2019 we are using ASA running on Firepower2120. We started with ASA 9.10.x through 9.12.x, 9.14.x and yesterday upgraded to 9.16.3.23.We have four Firepower2120 devices, and two of them are running in multicontext active/active HA mode with ...
We have the following equipment, with a number of VLANs running on top:ASA 5510|DellPowerConnect 6224 (acting as a layer 3 device to route traffic between vlans and act as switch for servers etc.)|Catalyst 2960 (acting as layer 2 switch for desktops ...
What can be an issue for partial SNMP failure. It's getting other details but at same time reporting "port count 0" uspaltwrr01dre128-cz1, SNMP: Error: Port count is 0. Incomplete data received.,Devices:0,Ports:0,UserPorts:0,NoNACPorts:0,SNMPVersion:...
I have the network configuration as in the picture. When I make traffic from 192.168.2.50 toward 192.168.1.x.the data are sent to default gw (as due): the ASA, but the ASA doesn't redirect to 192.168.2.2, the gateway for the 192.168.1.0 network.The A...
Hi.On an ASA5525 within a vanilla configuration, because of default "0, 50, 100" security levels, and also because default is "sysopt connection permit-vpn",Is there a general need to place any ACL on the outside interface?Thank you.
