Hello everybody, today I have an issue regarding VPN filters for site-to-site VPNsat a ASA5525 running OS rel. 9.12(4)26. The customer has several site-to-site VPN tunnels and the issue occurwith each of them so I assume the reason is located in the ...
Forum Posts
I was attempting to upgrade a Firepower 1010 HA pair to build 7.0.1-84 and received the following error: Here is the stack trace:Failed to generate data after all imported ApplicationException:java.lang.UnsupportedOperationException: SmartAgentManag...
Resolved! Adding interfaces to a new FTDv !!
Hi there, As a first-time user of FTDv, I have concerns about adding a new interface to my new device. I have added the PLR license to this device. Could you please tell me if I need to disable the current license to add a new interface and if so, wi...
I am looking for the version of tomcat running on Cisco ACS 5.8.1.4. If any one can tell me this that would be great.
I am trying to organize our FMC firewall rules and need a logical way to group them together. I have explored the usage of Categories but it seems I would be creating over 100 "Groups" to clean up the layout of the rules. Is there another option that...
I upgraded all my firewalls from 9.4 to 9.8(4)12. They are running in single context routed mode. I disabled the rest-api agent, as per the upgrade instructions, while doing the upgrade. After upgrading the OS, I upgraded the Rest API package to asa...
Hi,In my Cisco ASA 55220 , I am unable to configure AAA.ASA is configured in transparent mode.Please find the error msg..ASA-MPLS(config)# aaa authentication enable console loCALERROR: aaa-server group loCAL does not existUsage: [no] aaa mac-exempt m...
HI, I have a FTD HA managed by FMC. Can we have 2 différent timezones and 2 différents NTP servers on each device ? the thing is that the FMC is managing many world wide sites and each site should have his own timezone. thank you
Hey all, I have 3 interfaces on a Cisco router, one points to LAN (GE0/1), another to DMZ (GE0/2), and the third one to WAN (GE0/0). Both LAN and DMZ ports are configured with IP NAT INSIDE and WAN is configured with IP NAT OUTSIDE. I have dynamic ...
Resolved! ISE Deployment sizing question
Dear Community,I have a question about the ISE deployment sizing. We rolled out ISE in a fully distributed model (2x Admin Node, 2x Monitoring Node, 2x Policy Node). Each node is fully independent, no sharing of personas on any node. Now, we rolled o...
Hi All,On ASA 5000-X series , we have no sysopt connection permit-vpn configuredWe have multiple site-to-site IPSEC tunnel to remote location configured on outside interface.We also have many ACL entries on outside interface for incoming traffic incl...
The management system at our HQ reaches out to the inside interfaces of the branch firewalls through site-to-site VPN tunnels for both pings and SNMP, and on the firewalls running ASA firmware, we use "management-interface inside." Is there a similar...
Hello,I have two FP9300 devices and each of those boxes have an old security module - slot1 (two slots are empty).Multi-instance deployment is used + HA failover FTD pair was configured between both 9300 devices.Now I want to add a brand new security...
Good afternoon, I've hit a bit of a wall so I'm requesting assistance from the experts. I have a single router with interfaces Gi0/1.1 and Gi0/3 placed in IN-ZONE and DMZ-ZONE respectively. The Zone-Pair with source as IN-ZONE and destination as D...
Hi Everyone, Does anyone know how to force the Cisco ASA to ping tools.cisco.com using IPv4? The WAN/External interface has both IPv4 and IPv6 configured and when pinging tools.cisco.com from the ASA directly, it defaults to IPv6, see below for outp...
