hi,i need to update the local username database in a multiple context ASA.just a quick question, do i just apply the username in "admin" context where AAA is configured or in "system" context?i can see the local username can be configured in both con...
Forum Posts
Resolved! FTD Standalone config to FTD FMC
Hey guys I have a production FTD that is FDM managed. I have added a new FTD into FMC for which now I want to grab the config off the FDM managed FTD and apply to the FMC managed FTD. What is the best way to go bout this? I could not find through the...
Hello I want to add a remote FTD to an FMC, I tried to configure a VPN between the FTD and the FMC but adding the device deletes the FTD configuration. The truth is I don't really know how this configuration can be done, and taking into account that ...
I am running into issues with a sub-interface so I need to change it to a physical. I'm nervous about making the change. Is there an easy way to change a sub-interface into a physical without renaming? I currently can't ping anything from the sub-int...
Resolved! fail to secure state
Is there a way to configure the ASA 5555X to fail to a secure state upon a failure?
Hello I have two site linked by VPN with ASA 5525-X.In site A we have management network (172.16.30.0/28) where we have management ip of ASA 5525-X IPS (.172.16.30.14) and IPS (.172.16.30.13). The IPS has a default gateway interface vlan ip of bakbo...
Is there a way to restrict ICMP for the management interface of an FTD? I see how to restrict ICMP to the data-plane interfaces of the FTD and also how to restrict ssh access to the management interface of the FTD, but didn't see how to restrict ICM...
Hello AllWe are required to connect to one of our clients network. That is mostly over their L3 switches. The purpose to connect client is for log analysis. Have attached a indicative diagram showing possible connection we have on offer. The client i...
We switched (pure routing changes) from a pair of ASA5585 to FP4115 v7.0.2 w/ Snort 3, everything was running fine and then all of sudden nothing can pass through FTD. FTD syslog is normal, ASP drop is normal.We do find that the Snort has been restar...
Resolved! Only allow subnet to internet
Hi all, hoping to get your guidance here... hopefully, i am in the correct forum.how can i build an ACL to only allow a subnet to internet and no where else within the network?i have a VLAN xxx that i would like to deny access to everywhere and only ...
I have registered 3 FTD's thus far to FMC 7. We ordered an additional FTD that is not contract associated and when I try to register to the FMC all I get is a "Detected registration type supported by device" message and it never registers. I can't op...
Hello,I have several problems with Cisco Threat Intelligence. I want to block for example several ASN. I found their IP prefixes but sometimes Threat Intelligence doesn't block all IP prefixes in this IP scope so I manually blocked them. Is there any...
Hi All,I have a FPR1010-ASA-K9 which I bought new for my home office to replace a trusty old ASA5505 which served me for many years and I only decided to upgrade as I could finally get more then 100Mb/s internet. Since I have had this device it has a...
Problem: none of my machines in INSIDE interface is able to access internet. I am not able to ping 8.8.8.8 inside interface. What am I missing?ciscoasa# show running-config: SavedASA Version 9.18(1)!service-module 0 keepalive-timeout 4service-module ...
Good morning, I have two FTP 2110s in a HA pair managed by FMC. I am using the KVM version of the virtual FMC software. My upgrade from 6.6.5.2 to 7.0.4 failed (although the Readiness Check ran successfully), the VM became unresponsive. When I restor...
