how to open port to allow external network to access internal server on ASA firewall
Forum Posts
Resolved! Firepower FTD high CPU
Firepower FTD CPU 07 spiked to 100% earlier today. And it corresponds to the same time there was a spike on snort03. Snort-busy Frame drops - Snort busy started averaging 100 drops/sec.Is there a way for me to identify what traffic may have started t...
Hi All,I have been having a hard time to integrate ISE with my Cisco FTD since most of the articles covers using the FMC. For my FTD device I am using FDM not FMC. What I am trying to accomplish is to block web whatsapps by user usage. I have been ab...
We have several deployments failing when there is a new LSP update on the FMC that gets pushed to the FTDs. It seems like the file copy jus stalls out anywhere between 10-90%. From the /ngfw/var/log/messages i see the following repeating until it tim...
Resolved! Firepower VPN Question
HiWE are going be setting up 12 site to site vpns to a 3rd party provider and they have said they will send us their root cert and we just need to create intermediates for the 12 tunnels from the root cert, is this possible and if so how please.?? Th...
using Ikev2, phase 1 comes up with no issues.PA side is getting "NO_PROPOSAL_CHOSEN".ASA side is getting "IKEv2 Negotiation aborted due to ERROR: Failed to find a matching policy".All our phase1 and phase2 match.yes, PRF is set, I have PRF set for Sh...
Say I have two AnyConnect profiles, one with Automatic Server Selection off and the other with Automatic Server Selection on. If a user opens up AnyConnect, which configuration will be applied to their AnyConnect?
im setting up cisco duo for the first time on asa 5525-x 9.14 . We are currently using anyconnect remote vpn with a tunnel connection profile and a group profile. Can i create a new tunnel connection profile and copy the existing one just change the ...
HelloI have a pair of Firepower 1120 running FTD configured a HA pair and managed locally with FDM. Should I need to manage the units directly, each has a MGT IP and they share the main and standby address on the INSIDE interface:UNIT 1: Management:...
Dear Community, We using Cisco ISE 3.1 integration with AD servers for Auth.C and Auth.Z There have 2 deployment nodes ( Pri & Sec Node ). There have 4 AD servers ( same domain name ). On ISE we join AD DC only 2 AD servers. In case these 2 AD server...
I need to migrate from CSM to FMC for Multicontexts firewalls to Multi-Instances FTD firewalls. however, the regular migration tool does not help as I have more than 12k rules on the CSM almost above 300K ACLs.it will be a big mess with ASA-FTD's cur...
Hi All I am wanting to downgrade my 1150 FTD from 7.2.5-208 to 7.0.4-55Is this a straightforward downgrade via the update section or should I be aware. Many thanks
Resolved! Cisco FTD and FMC
Dear All, I have two no of FTDs which is I need to configure in HA[A/S] in Date Center. As I dont have FMC at initial stage I am going to use to manage FTD thru FDM[native].Using this FDM I also need to configure interim RAVPN for admin users of vari...
Hi all im trying to renewal the self sign certificate of the ASA FDM by using the following commands at FDM expert mode:openssl genrsa -out privateserver.key 4096openssl req -new -key privateserver.key -out FP5516.csropenssl x509 -req -days 365 -in ...
Is the L-AC-PLS-3Y-S1 tied to just 1 serial number/device, or can it be used across multiple devices? I believe it is the latter - across multiple devices - but I just want to be certain. Secondarily, a related question, assuming we have 25-users (wh...
