ASA 5580,系统版本是8.4(1),现在配置failover时,inside的接口无法启用lacp协议,两端都是active,对端交换机配置port-channel,debug发现有lacpdu报文发送,但是在ASA这边没有收到,同时asa也没有发送报文,导致port-channel一直是down。网络拓扑如附件。现在是9.1连接cisco 7010交换机的10/5口作为port-channel接口,不知为什么,port-channel接口始终无法协商lacp成功,两端均为active,但...
Forum Posts
We have 2 FMCv to manage different firewalls and we initially cloned the first FMC VM to create the new one, but that is not acceptable by the CSSM as I read on other threads.We then created a new FMCv from a downloaded image with the same version of...
Resolved! FMCv Migration FMC2700
Is there a migration path from FMCv25 (VMware) 7.4.2.1 to FMC2700?The Cisco Secure Firewall Management Center Model Migration Guide (16 Sep 2024) appears to be the most recent and references version 7.4.2. https://www.cisco.com/c/en/us/td/docs/securi...
Im attempting to use /api/fmc_config/v1/domain/{domainUUID}/object/internalcertificates/{objectId} to replace/rotate the LetsEncrypt certificate on the FMC. I get a 200 response, but the certificate does not change.Has anyone successfully done this?...
Problem: "show conn flow-rule qos" [followed by any input] gives "Syntax Error: Illegal parameter" Fix: first enter "system support diagnostic-cli" and then "enable", THEN you can run e.g. "show conn flow-rule qos 268444269" I first found the qos ...
Cisco has announced that FirePower Management Center for Virtual Classic license (PAK License) SKUs are end-of-life and will be replaced by Smart license SKUs. Last possible end date when ordering or renewing SWSS for the affected SKUs is April 30, 2...
Issue Description: %ASA-6-611102: User authentication failed: IP address: 172.x.x.x, Uname: ***** Username hidden for a syslog message 611102 even though no logging hide username is configured. Environment: ASA5516X Version 9.16.4.57 It looks lik...
Resolved! Anyconnect with SAML connection issue
Hi All,I have configured Cisco AnyConnect to authenticate with SAML and O365.When I connect, I am presented with the login page at which point I enter the password and then authenticate from my mobile phone. However, when it's 'authenticated' I get a...
Good dayI have sent up Anyconnect remote access vpns which are being authenticated through an AD for Duo MFA. Previously using local AAA, would lock users to a specific group. How can I achieve the same when the users are now connecting from AD. Rega...
I'm trying to upgrade the firmware of my Cisco ASA 5515 from 9.1.1 to 9.8.1. I know I need to go to 9.1.2 before I can go to 9.8.1, but everytime I try to copy 9.1.2 to flash I get the error "No Cfg structure found in downloaded image file" I'm not e...
Resolved! Backing up config, FTD and vFMC.
Hi. I am most of the way through implementing an ASA 5508-x, controlled by a vFMC. Both are running 6.2.2.0 of the FTD and FMC software. Since the configuration is quite complex, and I would hate to have to do it all again from scratch, I figured...
Hello everyone. Has anyone had this problem before? my secondary device is keeps failing And it's keep telling me (Event description: Interface check This host:1 single_vf: diagnostic Other host:0 ) That I looked at the management interface I ever se...
Hey guys, New to this area, would like to ask a question about configuration converting between ASA and Firepower 1120. I used the migration tool to convert the configuration from ASA 5516-X into FTD with FMC (Firepower 1120), there is an ACL in ASA ...
HiI will deploy a CSSP Proxy Virtual Machine to send events from my ASA firepower devices to cloud. For the configuration of send Syslog events to this Virtual Machine I get some questions: Also I want to know if is possible to configure 2 syslog ser...
Hi, my company uses a Cisco 4115 FTD version 7.2.7 to provide remote access for company employees. Cisco Secure Client and Cisco ISE are used as part of this solution. In a recent penetration test, the auditors advised that we disable cipher suites t...
