Network Security

Could not ssh to ASA after upgrading OS from 9.14.3.18 to version 9.1

Hi,We upgraded a pair of ASAs from version 9.14.3.18 to version 9.18(4)40. After that, we could not SSH into the ASA. At the moment, we can access the firewall via the console.I turned on debugging on the ASA while I attempted to SSH. The log file in...

Resolved! Firepower 1010 readiness check stuck at "Please Wait"

I have a Firepower 1010, on 7.0.0-94 that I'm trying to upgrade to 7.4.2-172. I ran the readiness check last night at 8pm. 12 hours later, at 8 am, it still says "Please wait" on the readiness check, and won't let me hit the upgrade button. Followi...

Resolved! Firepower 7.42 issue interface Management0 has no link

I'm in the process of upgrading all of my firepower devices from 7.2.8 to 7.4.2 as it is the suggested release. we use the data interfaces as the management interface for most remote devices. As I upgrade each one, I'm now presented with a critical w...

Problem with ssl decrypt-resign on Cisco Sefure Firewall

Hello, community,I'm solving a problem with ssl decryption using the decypt-resign method. I have made a subordinate CA for this purpose, which has the following X509 parameters:Certificate Authority: YesKey UsageUsages: digital signature certificate...

Resolved! Hyper-V VHD image for FMC virtual

Hello,Cisco install documentation refers to a VHD image for FMC virtual but I can't find that in downloads. Has anybody seen this file?Thanks

ASA RAVPN ACL's manually migrating to FTD

Hi, I have manually migrated the RAVPN configuration from an ASA to FMC/FTD. Believe I have all of the configuration setup correctly, my main concern is around the ACLs which permit RAVPN user access throughout the network. The RAVPN users use a pool...

Cisco FTD failover - Interface Virtual MAC Queries

Hello, I am working on setting up HA for FTD appliances for a customer. I have been using the syntax aaaa.bbbb.xxx1 and aaaa.bbbb.xxx2 usually for assigning interface virtual MACs on the primary and secondary respectively. I have the below queries re...

Resolved! FTD 2100 NTP timezone issue

Hello, We have HA pair of 2100 FTD appliances managed by VFMC running version 6.2.2.109. The issue is related to NTP. The FMC is pointed to our internal NTP server and is showing correct time and timezone. The issue is with FTD appliances which a...

Cisco Cloud Configuration - Unable to reach Cisco Cloud

Hey Folks, Recently I updated FTDs and FMC to 7.2.8. After the upgrade, I noticed unusual behavior on "Cisco Cloud Configuration". On all FTDs, I got the below error after upgrading, even though it was not raised before the upgrade: Threat Data Upda...

Resolved! Cisco Packet Tracer ASA 5506 Prevents Access to DMZ Servers

Hello everyone, I have a problem with my project, which is that the firewall in HQ prevents GRID network computers from accessing servers located in the DMZ, I tried writing many access lists but to no avail. Knowing that there is an IPsec connection...

SNMP V2C OIDs

Hi guys, is there a document that contains CISCO OIDs for SNMP Usage? I am trying to manipulate a router/switch's arp cache and ip routing through SNMP via their OIDs, but to no avail.Thank you

Cisco ASA 5520 Config help.

ciscoasa# show int Interface GigabitEthernet0/0 "outside", is up, line protocol is up Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) MAC address 001b.2ac2.5068, MTU 1500 IP address ...

FTD HA BREAK FROM FMC - deployment failed on standby

Hi support team,We have 2 FTD named EXT1 and EXT2. Before HA BREAKEXT1 - PRIMARY STANDBY READY EXT2- SECONDARY ACTIVE Now I did BREAK HA from FMC for the high availability. I'm able to see no connection on EXT1 but the previous active is now handlin...

Resolved! FirePower onboarding to FMC first policy deployment failure

I am trying to lab FMC deployment with the 90 evaluation. I added two virtual Firepower's to FMC but the starter policy that you must create when adding them, fails to deploy with the message "The deployment failed because the deployment packages did...