Network Security

Can't ping ASA from end device via IPSEC Tunnel

Hi, I have 3 sites, A, B, and C. A - Would be the HUB.B - Spoke - WorkingC - Spoke - Not working. From site A end device I can ping the ASA from site B, but I can't ping site C even with the same configs and tunnels are up I still can't ping ASA site...

Phase 2 Mismatch Error

Getting this error on a production site to site VPN when it comes with a Phase 2 mismatch (see attached config): %ASA-4-106023: Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:d...

FMC/FTD VPN Question

HIIf the other end of the VPN isnt allowing an IP address could it cause the Drop below, I run a Packet-Tracer and it says VPN drop, the rule for our IP address is identical with exsiting VPN's I'm scratching my head,so do both peers ahve to match o...

Resolved! Firepower 1140 AnyConnect connection failure

Hi,teams I'm new to ASA and replacing an old ASA5516 with Firepower 1140 as VPN Gateway with AnyConnect.The VPN configuration for AnyConnect is the same as on ASA5516.When I attempt to connect VPN by using AnyConnect, It failed.This is what syslog sa...

Resolved! Loss of communication through ASA 5516 Firewall

We are experiencing communication loss issues to destinations behind our firewall. These packet losses are not constant but they happen quite frequently.We analyze the firewall logs and observe messages indicating an IP conflict on the outside inter...

Resolved! ASA is not encapsulating from IPSEC

I have a tunnel (ASA <> Meraki) tunnel is up and I can verify both ends.Problem is that, IPSEC from ASA can't encapsulate any packets but can decapsulate.

ASA S2S VPN to AWS - The decapsulated inner packet doesn't match the negotiated policy in the SA

Hi guys,I have an S2S VPN between an ASA 5506 (9.8) and AWS VPC that's partially working.Office network: 192.168.0.0/24 | AWS network: 172.30.0.0/16 and 172.31.1.0/24The tunnel has been created via ASDM, these days I'm almost not working with tunnels...

Resolved! FTD - Change AnyConnect port

Hi, How can I change the default TCP 443 port for AnyConnect clients connections to a different port? This port is already in use by another server accessible from the outside. I'm using the FMC. Thanks.

DHCPD issue with Firepower 7.0.1-7.1.0

So i have been deploying cisco FDM managed firewalls. I noticed an interesting bug with DHCP and 7.x code. If install a config via a backup, configure via API and upload a config, or deploy a template to a 7.x code using CDO to the firewall it botch...

Internet Access 5515-X ASA

I setup Cisco ASA 5515-X I can ping inside the network but still can't ping outside. I am using a AT&T modem/router utilizing IP Passthrough to send the outside IP directly to the ASA has a /23 subnet. Configured default route: route outside 0.0.0.0 ...

Resolved! I can't ping from ASA to directly connected device.

Hi, ASA (10.10.10.1 255.255.255.0) >> Windows Device (10.10.10.10 255.255.255.0) Ping won't work (I already disabled the firewall from Windows) Windows Device (10.10.10.10 255.255.255.0) >> ASA (10.10.10.1 255.255.255.0) Ping works. I already added...

Resolved! ASA 5545X Logging Error

Hello Everyone,I am getting a logging error 414002 in my ASA. I see that disk0:/syslog is full of files on some of my ASA's and some have zero files int the disk0:/syslog. Here are the error message(s) I am getting. They are similar, but just a littl...

Resolved! Does the appliance have an SSD Installed

I'm remotely trying to re-image an ASA5525-X and looking to put FTD code on it. But am unsure if the appliance has an SSD in it. I have captured the output from cli from some info on the forum suggested. Does the output in the attached with 'show inv...

Resolved! Replacing primary ASA in H/A pair

Hey folks! This weekend I will be replacing the primary ASA in my H/A pair of 5585Xs. What I mean by primary, is when I originally configured H/A, this unit was marked as the primary unit, and the other was the secondary. Is there anyone here who w...

Resolved! FTD console port cannot access

Hello all, I have a pair of FTD 2130 with A/P. They both have different mgmt IP address.Last week I got peer failed error so I tried to connect them via console port. I realized that I cannot connect to Standby device via console port while I can use...

Network Security

Forum Posts

Can't ping ASA from end device via IPSEC Tunnel

Phase 2 Mismatch Error

FMC/FTD VPN Question

Resolved! Firepower 1140 AnyConnect connection failure

Resolved! Loss of communication through ASA 5516 Firewall

Resolved! ASA is not encapsulating from IPSEC

ASA S2S VPN to AWS - The decapsulated inner packet doesn't match the negotiated policy in the SA

Resolved! FTD - Change AnyConnect port

DHCPD issue with Firepower 7.0.1-7.1.0

Internet Access 5515-X ASA

Resolved! I can't ping from ASA to directly connected device.

Resolved! ASA 5545X Logging Error

Resolved! Does the appliance have an SSD Installed

Resolved! Replacing primary ASA in H/A pair

Resolved! FTD console port cannot access

about FTD-V

Unable to edit and save a text object

CSCwo71835 - The NAS-IP-Address attribute is missing

FMC API to get real time VPN/S2S tunnel and CPU/Memory perf metrics

Firepower 2130 -how to resolve plugin 70658 SSH Server CBC Mode Cipher

Application PBR in FDM

SSH with X509v3 certificates

FPR‑4145 EOL/EOS ?

Firepower 4125 - how to resolve plugin 157288,

Cisco FMC QoS filtered by application