Hii want to share my experience of deployment of CTS/SGT in campus built with C9Ks & ASA 5516X as WAN-edge router.C9Ks run 17.3.3 , ASA runs 9.12 . Simplified topology:To clarify on notes: on the ISE all C9Ks & ASA are configured for TrustSec, pac-pr...
I need to turn on FIPS to be stig compliant.In my asdm, i can go to a FIPS page and it is unchecked.If I check it, i understand that it will use higher grade security measures but should I be worried about everything breaking if I do? Thanks for any ...
All: What the latest status on DECRPC inspection of MS Windows RPC DCOM on ASA platform? There is discussion as far back as 2010/2011 (12 years ago) that the functionality was entirely broken with the latest versions of the protocol library from Mi...
Hi, I am using Nagios to monitor our windows server using WMI. So I configure the DECRPC on our ASA 5520 firewall but i still see the deny on port > 1024. Below is the configuration: class-map MSRPC match port tcp eq 135!policy-map type inspect...
Hi All, Planning to upgrade ASA 5505 from 8.2.5 to the latest stable version. Want to know the interim upgrades before latest stable version and link to the upgrade tool. Regards,Surya V
Hello -- Here's the situation I'm trying to figure out. I have an ASA5506 at SiteA 10.10.1.0/24 and an ASA at SiteB 10.10.20.0/24 with a site-to-site VPN between the two sites. This works perfectly. Also at SiteA, we have a managed service we pay for...
Hi, Does anyone know where I can find this information? We are trying to design a NextGen DC and it's one of the requirements. Thanks,
Hi Gentsi've setup campus with ISE-driven SGTs (not SXP). Canmus's NADs & FW r configured for TrustSec on ISE. They get authorized & pushed back with SGT-map configured only for this campus on ISE. Something like belowis visible on the switches with...
With Madhu KodaliWelcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to discuss configuration and troubleshooting IDS/IPS sensors with Cisco expert Madhu Kodali. Madhu is a senior QA engineer on the Intrusion Pr...
I have ASA 5525 Version 9.4(3)12 with DCE/RPC inspection enabled. I am unable to do RDP or join systems to domain getting the error as "DCERPC request non-standard major version 3 from" When I disable DCE/RPC inspection, everything works fine but...
Hi, I bought a Firepower 1010 from Amazon. I have a piece of paper which came with the device for licenses (FPR1000-ASA qty 20). I registered for smart license account and loaded a key on my device. But it says out of compliance on the device. Ho...
eem detect new devicecan i trigger an event if a new device is connected ?a unknown mac in the arp table or something cheers rick
Hi guys, I have read on Cisco Support Doc they mentioned that not to worry about LINA consumed high CPU as it is normal because the LINA process is constantly polling the Network Interface Cards (NICs) for input traffic. In short, the LINA process ut...
2900 running 15.7(3)M4b tenable showing SSH Weak MAC Algorithms EnabledNetwork Time Protocol (NTP) Mode 6 Scannerthe device is running SSH V2 any comment to help fix the issue would be appreciated thanks
Hi does anyone know of any good documents or URLs that provide best practice guidance on FMC deployment and configuration? The only one I've found is the FMC Sizing Guide https://salesconnect.cisco.com/#/search/Firepower%2520NGFW%2520FMC%2520Sizing...
