Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...
Forum Posts
Hi,logging monitor debugging enabled terminal monitor on I want only output of only debug crypto ikev2 platformbut all other traffic also showing , how can I filter ?Thanks
Hi All, I am looking for a few more details regarding the Cisco FPR-4140-NGFW device, which I cannot explicitly find in the hardware guides. The documentation says that apart from 8-fixed 1G/10G SFP ports, there are 2 network modules as well. I wante...
I am able to ssh inside IP address from a seaprate SecureCRT session. But when I ssh from a Cisco isr4331 router i am getting following error [Connection to IPADDRESS aborted: error status 0]. I did confirm Data Interface is allowing Inside interface...
Resolved! See what would be blocked with new ACL's
I think I have a relatively easy one. Currently our ASA 5515 with firepower services is only allowing browsing to trusted geolocation for internet browsing through Firepower services at our corporate location. We want to change that, and only allow o...
Hello. Our Smartnet contract expired and we bought a renewal license, our reseller sent us the new license that includes a PAK, when i try to activate the license and assign it to the ASA, it asks for a license key and gives directions on how i can f...
Resolved! Unable to SSH to ASA 5525-X
Hi,I have four admin users on my ASA all with level 15 access but not of them are able to SSH to my device.I have checked SSH settings and it is allowed. Is there anything I could have overlooked? I'm sure this has worked in the past as the device is...
I have 3 insides : Inside-01 : 172.16.1.0/24Inside-02 : 172.16.2.0/24Inside-03 : 172.16.3.0/24 From Inside-03, i can ping all range in Inside-01 From Inside-02, i can ping all range in Inside-01 except one ip(172.16.1.121) i disable all firewall in w...
Dear community, Cisco User Agent does not authenticate users. The problem is intermittent and sporadic, and resumes to work properly after restarting the FMC console or the FUA agent. Note: Firepower version is 6.6.1 and user agent is v2.5.1 Does a...
Resolved! registering FTDv Azure to FMC on-prem
Hei,I am trying to register FTDv in Azure to FMC on-prem over express route. I am getting error " "Discovery failed due to internal error contact TAC". I also see communication established messages. Used same configure manager add IP key nat-id on bo...
Resolved! inside,inside NAT on ASA
Hopefully my terminology is correct. I'm not a Cisco expert by any means. I have an ASA5506 at SiteA listening on 10.10.1.1 and an ASA5506 at SiteB listening on 10.10.20.1 and a site-to-site VPN between the two. I have another device at SiteA listeni...
Hi Guys, How to allow ping from INSIDE Interface to Management interface in ASA 5525. Cisco Adaptive Security Appliance Software Version 9.8(1) Regards,Ermias W
Resolved! Cisco ASA- AnyConnect VPN - setting MFA
Hello Guys, @Rob Ingram @balaji.bandi @Richard Burts @Joseph W. Doherty I had VPN setup with ASA with AD authentication with one of the server and its working flawless.I want to setup 2 MFA with Duo or Azure MFA, which is better solution? Also,...
In FMC 6.7.0 version what is the CLI Command to see user id with IP Mapping ? Below command does not seem like to work. root@FMC:~# user_map_query.pl --iu -i 10.7.228.28 WARNING: This script was not tested on this major version (6.7.0)! The results ...
Hi, I want to do a static nat for 192.168.1.10 to 2.2.2.10 so that the traffic comes through the second ISP. What need to be done on ASA side to achieve the above load balancer is a third party appliance Thanks
The ICMP logs (ASA-6-302021) we are currently receiving from the ASA do not contain the byte count for the packet. Is this design intent or a config issue?With the rise in hackers using icmp for exfil this is a critical piece of data. TIA Ihor
