hi Would the below work? The source subnet will remain same but whether the users are trying the first destination or second, the requirement is that the destination is Nat'd to the same IP? I can see this working if initiated from internal but if in...
Forum Posts
Resolved! Best practices for ACP on FMC
I've been looking for best practices and found this: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/best_practices_for_access_control.html. I feel as if I'm missing something still. Last Friday ...
I believe that this is NAT issue. The issue is from the inside, when I try to ping or access anything in my DMZ1 or RA subnet it is send to the outside interface. I have confirmed this by doing tracert for 144.168.0.x and 124.140.0.x two other foreig...
Resolved! IP whitelisting
Hi,I want to whitelist a scanner host on our network that is triggering lots of intrusion events.I tried to right-click the IP address and the select "Whitelist IP now", and it puts the IP in the Global-Whitelist, but intrusion events are still gett...
Resolved! ISE 3.0 backup and restore
Does Cisco ISE 3.0 now backup and restore the certificates private keys?
Is there a way to have the ASA refresh its SNMP tables quicker than the default?
I am using version on 6.0 on a physical 1600 FMC, we have configured a proxy in order to download updates from FMC and things like this. In house we also have the Smart Software Manager Satellite for licenses.From FMC we are able to download updates ...
I have four RV345 routers. It seems that only certain routers are attacked by DDoS.Please refer to the attached log file.how to prevent DDoS attack? on routerThank you
I am using serial console of the device to login and want to see the used space of the image and whether the OS is loaded from USB drive of SSD disk. Can someone let me know the commands ?
Resolved! FMC Reports - "Failed to Generate"
Worked fine in version 6.1.0.4-17, but then,After upgrading sensors and threat defense center to 6.1.0.5-45,Custom and built in reports fail with "Failed to generate".Regardless of output type, html, pdf, csv.I even created new templates, same issue....
Hi all,I'm trying to do the following : service-template IOT_DEVICES_TEMPLATE sgt 3 vlan 100!class-map type control subscriber match-all AAA_SVR_DOWN_UNAUTHD_IOT_DEVICES match result-type aaa-timeout match authorization-status unauthorized ...
HelloWe have an ASA5510 v9.1.(7)32 at branch with configured IKEv2 site-to-site VPN to Head office.All traffic goes through VPN.ISP give an ip-address by DHCP with 4 gateways (yes, multiple), that randomly changes. Some of them reachable via ICMP, so...
Resolved! Do I need Threat License with FTD
All,I am starting to convert all my 5516x ASA with FirePower Services over to the full FTD image. I have 22 total to convert and have successfully converted 4 of them over. Now that those 4 are on full FTD image I need to use Smart Licensing instea...
Hello all,Very new here and to Cisco, so I apologize if this is not the correct spot to post.So I am a ACSS Certified Avaya Engineer and I am looking to get more into Networking.I have an older 5520 ASA that I was able to Factory Default and load the...
Resolved! FMC/FTD 6.5 IKEv2
HiI can see on our FMC/FTD that our tunnels use the default IKEv2 policy which includes DF 5,2 if I want to establish a new Tunnel but want to use DF 14 will this require creating another IKEv2 policy and selecting DF 14 or can I just simply select ...
