For IPsec Site-to-Site VPN, is the Firepower 2100 running FTD code supported/recommended or should we stick with the ASA code running on the FP2100?
Forum Posts
Have an ISPEC tunnel between an ASA and Router that will go down periodically and not be able to be brought back up and/or both sites can't reach each other unless the SAs are manually renegotiated on my end. Below is debug for platform/protocol 127 ...
Good Morning,Could someone please help me figure this out?I want hosts on 192.168.190.0 /24 (VLAN 10) to be able to have tcp communication with our screened subnet (VLAN 50) 172.20.33.0 /24 on certain ports, and blocking the rest with an ACL on the A...
Resolved! VPN Load Balancing on FTD
We are working on migrating our Anyconnect VPN services from ASA to FTD and have been reading there is native load balancing available on the ASA but not sure if it's ready/available on FTD. Also, we have Kemp load balancers that are possibly availab...
Hi, in the log messages for 302013, on outbound, is it possible to determine the source IP. Meaning who is the IP that initiates the connection? Or is the inbound/outbound indication + IP location in the message only indicating of the security levels...
Hi, I noticed something strange and wanted to share with the community and see if this someone has some info about this behavior. We have a daily Snort Rule Update set on the FMC ( probably not the best option - now I am thinking that weekly would be...
*This is branching from a previous post in a different section. After learning more I figured I'd ask the question in the correct section* Hi,I have a situation where these things happen, I'd try to describe it as thorough as I can.1: I can start a c...
We've just rolled out a new version of Anyconnect 4.10.0511 via SCCM, However some users' umbrella module has not been kept? We also have some build machines where we're not able to download the Umbrella module. We usually connect the machine to the ...
Resolved! tacacs configuration for FTD's via FMC
Dear All, we have a 2130 FTDs in high availability cluster (active standby) managed via FMC 4000. Firmware of both FTS and FMC is 6.2.3.6 with build 37. I need to configure the FTDs to get authentication via Tacacs (cisco ACS). I couldnt find exact...
I have over 1,200 firewalls to be managed and I can't find any documentation on the max number of network objects that can be created in FMC. I also need to know how many times a network object can be overridden. Any ideas?
Hi there,is it possible on the ASA to apply PBR on a NAT interface? PBR is matched by port that is not changed by NAT.
Resolved! ROMMON ASA 5516-X
Anyone have any ideas why I can't get into ROMMON ? Cisco Systems ROMMON, Version 1.1.13, RELEASE SOFTWARECopyright (c) 1994-2017 by Cisco Systems, Inc.Compiled Mon 10/16/2017 17:54:58.29 by wchen64Current image running: Boot ROM0Last reset cause: Po...
We have an HA pair of 2140 FTDs running 7.0.4 managed by an FMCv also running 7.0.4. We've had PBR configured since April of last year, which is allowing us to migrate to a new edge network with new Internet routers and set of ISPs running BGP. As we...
Please see attached image.Are these ACL entries indented only because the CLI presentation wanted to help the user see which ACE's have object groups?Are the object-group ACE's in any way related to the indented ACEs that follow it below?Thank you.
Resolved! ASA ipv6 6to4 or 6to6 nat ?
I have several sites connected via L2L tunnels with both ipv4 and ipv6 active but all traffic come through site1. for ipv4 I do object network obj_anysubnet 0.0.0.0 0.0.0.0object network obj_any6subnet ::/0 serverFakeIPSite1 192.168.100.1serverPubIPS...
