The timeout setting for a VPN group is 1 minute.vpn-idle-timeout 1However, even after one minute, the VPN will never be disconnected.What configuration do need?
Forum Posts
Resolved! ASA 5525 End-of-Life date confusion
Hi,I read a few EoL notices regarding ASA5525:https://www.cisco.com/c/en/us/products/collateral/security/asa-firepower-services/eos-eol-notice-c51-743545.htmlhttps://www.cisco.com/c/en/us/products/collateral/security/asa-firepower-services/asa5525-55...
Resolved! Cisco Umbrella License Consumption
Let 's say we have Cisco DNS Advantage license for 100 users. Scenario 1: NO VA appliance is deployed. NO AD Integration .All DNS queries are forwared by Organisation DNS server to CISCO umbrella and there is PAT device at the edge. Querry is , how C...
I have an HA pair of FTD 2140 firewalls, running 7.0.1. They are managed by an FMC running 7.0.4. The firewall is running BGP with its upstream and downstream neighbors. I would like to enable BFD between the HA firewall and the upstream and downstre...
We are deploying 2110 FTD's for L2L connectivity and had a question on the best cabling setup. Our current Internet and DMZ switches are stacked which we are moving away from this setup. What would be the best cabling setup to remove any SPOF with tw...
Resolved! Cisco ASA 5555 IDS Features
I have an ASA 5555 running version 9.8 and ASDM 7.8(2). I am looking to see if anyone can point me to any firewall features on the ASA that resemble IDS functionality. Because I have zones enabled on the firewall, thread detection is disabled. Other ...
Added SSL inspection policy and it works as desired. The issue is that Chrome does not like the FMC cert and will not allow me to access any HTTPS sites because the sites are re-encrypted with my FMC Cert. Has anyone else encountered this issue? -W...
I have a layer 3 switch (Cisco Catalyst 3560) with multiple vlans configured on it, and connect to this switch to the inside interface of ASA 5510 (default VLAN IP) All vlan have L3 interface with IP address, and for the clients the default gateway i...
Hello,I would like to ask if the license for the FMC vmware is perpetual or i have to renew it every year?ThanksIoannis Gerokostas
Hi, I am in the process of setting up a pair of FTD 2130 (HA). These are replacing our ASA's.FTD2130 purely used for Cisco AnyConnect. All my profiles are in place and remote AC connection works well. I am stuck on loading SBL Modules. I've followed ...
Hello i have HA FW CISCO 1010 ..so i want to upgrade the two FW active passive with FMC 4000. yesterday , the update is performed only on the FW2 but the upgarde is not performed in FW1 !!!? FW2 will be 70.4 but FW1 is still 6.6.1 ...
Hello, I have two questions regarding the FTDs ability to have management moved off the management interface to the outside interface. I do not have a FTD 1010 to play with in the lab. In the documentation it says that we can issue the command confi...
-------------------------------------Title:"Intrusion Event Not Occur"-------------------------------------Hello,I'm having trouble with IPS intrusion events not occurring as expected.Test traffic that should be dropped by IPS(Snort 3),On the FMC, No...
Hi recently we got an auditor requesting that we change the self-signed SSL on a cisco C1111-8P running IOS XE Version 17.3.4a because the SSL chain has been signed with a weak hash, in this case SHA-1. The following certificates were part of the cer...
Hello All,I'm trying to configure a rule on ASA from a list of URLs to private IPs, the config I have is below: dns domain-lookup outsidedns server-group DefaultDNS name-server 8.8.8.8object network private_ips range 10.0.0.0 10.0.0.20object network ...
