Hello, site to site tunnel is up on the firewall but the packet encap is showing 0. It looks like ASA is not sending any encrypted packet to the tunnel. Any suggestion?
Forum Posts
Resolved! ASAv no dhcp (CML)
Hello, I have the following topology: I am trying for the first time to configure the firewall-1(ASAv) on cml and I want to use a static ip address for the desktop-0-in, all the configurations guides i checked use dhcp. I have configured the firewall...
Hi all,Is there any option for bug searching using the ASA version like Cisco IOS Software Checker? . I will like to find this information for IOS 8.2 in particular. I need to search based on Cisco ASA IOS 8.2 and not by known bug . https://tools.c...
Resolved! Configure CA Server - Nexus 9k
Is it possible to configure my Nexus 9k to be a CA server? If so, please provide configuration guide link/URL. Thank you!
Hello!I would like to know if Firepower Services Module will work with ASA Active/Active setup? Ideally it should as when we add it to FMC for ASA Active/Standby it works as 2 separate independent modules. If anyone has seen this setup, please share ...
Dear Community, I want to implement IPS on some ACP rules but had a few questions before doing so: 1) The documentation states the following regarding the Network Analysis Policy: "By default, the system-provided Balanced Security and Connectivity ne...
I have 2 firewalls, one functions fine, the other hangs when typing some commands that could contain hostnames. Here are the 2x configs for DNS. FAST ASA: ASA-A# show run dns dns domain-lookup outside DNS server-group DefaultDNS name-server...
Hello, When managing a FPR4115 with multitennancy how does the FMC license count work. Is it: a. 2 licenses for the two FWs in the HA setup b. 14 licenses for the 7 instances per FW each I can´t find a license count doc the describes this. Thanks B...
Hello,We have a firepower sfr module that we can't access via ssh or via the ASA cli and I suspect that we need to do a reimage.I have done reimage of sfr modules on smaller ASA models before, but I believe it's a bit different on the ASA 5585-X. The...
Kind of an odd thing. We just had a vulnerability scan and a 2960 got pinged for supporting medium strength SSL cipher suites. I say strange cause I have 3 others that have the same IOS image and they didn't get pinged. Swap out the management IP ...
Resolved! FTD ignores rule from prefliter
Hello, I have a HA pair of FTD managed by FMC I have prefilter policy and I created a new rule.The traffic though is not hitting this ruleIt is initiated by DMZ and goes to inside and has NFS port I have other rules that are working ok in this zon...
When I attempt to ping my DC’s FQDN from my Firepower 1140 it resolves to an external IP address owned by Google.When I attempt to ping my DC’s FQDN from a client it resolves to the correct inside IP address.The FQDN form my DC is registered the IP a...
Resolved! Upgrade stand alone FTD image
We have a standalone ASA 5508-X running FTD 6.2 that we want to upgrade to 6.6. I don't have problems upgrading ASA firmware or FTDs through FMC or CDO, but I've been searching through documentation to upgrade to a later FTD version for an hour, and ...
Hey all, I'm having some issues viewing any Netflow connections being sent to an FTD and think something got broken in 6.6. I have a single Passive port on a FP2110 in my "Netflow" zone connected to an ISR4331. That ISR is sending Netflow data with...
Resolved! ASA-AWS - ASAv keeps crashing.
We have an ASAv configured in AWS. It keeps crashing periodically and I'm trying to determine the cause. Version: Cisco Adaptive Security Appliance Software Version 9.6(4) I've attached the "show crashinfo" output. Can somebody please assist?
