Hello for everybody. I need to allow tcp and udp 123 port on external asa interface from two external ntp servers and block from any other. The following acl is currently applied on the external interfaceaccess-list OUTSIDE_NAT extended permit icmp ...
Forum Posts
Can anyone describe how PAP works between ASA and Microsoft NPS for RADIUS authentication and how MS-CHAP is different?Please don't tell me that PAP sends the password in clear text. I have taken PCAPs and I see no clear text shared secret or passwor...
Hardware: ASAv30Cisco Adaptive Security Appliance Software Version 9.9(2)1 Whenever I try to enter any show run command, for example "show run" or "show run access-list", the CLI terminal hangs up without generating any output and I have to close the...
How can i change th IP of the Firepower 1120 from the console port???
Hello All, We have a remote office where we run a standalone FTD 2140 appliance. Now there is the need to add that appliance to an existing FMC. The 2140 appliance has locally configured routing (inside & outside interfaces), several site-to-site VP...
Hello. I am trying to configure the dhcprelay enable q-inalextnet command on a Firewall, and it throws the following message:This interface is shared and cannot be configured with DHCP. I found that this is related with a bug ID CSCsv96850. I would l...
Resolved! Clear nat counters on cisco asa 5515-X
Hello for everybody. Is it possible to clear all nat counters on cisco asa 5515-x? Auto NAT Policies (Section 2)1 (inside2) to (outside_nat) source static obj-10.18.8.200 interface service tcp www 83translate_hits = 600, untranslate_hits = 31 In this...
Hello, I stumbled upon a problem today. I have an ASA with firepower services. I noticed that in the events some URLs are shown as numbers and the action is blocked. Is there anything, in particular, I could check to see what kind of error this is?...
Hello Everyone, I hope you are all doing well, despite whats going on with the pandemic. Anyways, I was trying to improve the Host Profile quality exploring several alternatives. Nmap, API, etc. At this time I focused on nmimport.pl and was able to a...
Hi all, We have a server which requires to go out on a specific interface "outside3". I tried to set it up so it will route to outside3 but somehome the traffic still go out at outside2. This is what I configure for that change:access-list outside3...
Resolved! VPN tunnel is not up in ASA context
Hello,I have created a new context in cisco ASA5525 and configured site to site VPN in context. Phase -1 is not coming up and i am getting the below messages while running debug. We have a tunnel configured to same peer IP from a diffrent location h...
Resolved! 9.4.x > 9.8.4.20 ASA Upgrade
hi,due to the recent ASA CVE alert, i need to do an upgrade 9.4 > 9.8.https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-73830 just want to confirm that i can upgrade directly 9.4 > 9.8 as per link below:https://www.cisco.com/c/en/us/td/do...
We are hosting a web page and it can be viewed internally by it's private IP (192.168.42.4). It can be viewed externally when using our public IP address. However it cannot be loaded internally by using the external IP. It asks to log in (to the rout...
Hi,In an existing network setup i have an ASA with route based tunnels to Microsoft Azure and AWS.How would i allow for remote vpn connections (Anyconnect) to access the resources over these tunnels? As i also have vpn tunnels to other sites.I am afr...
Hi ,I have an ASA 5506x and need to throttle down the download link (upload as well but later).I have tried the QoS policing feature using both input/output and ASA does police but the link is unusable - pings keep dropping when I just open a website...
