The affected device uses the same base access-control policy (and same pre-filter policy) as all our other inline firewalls. Where we have sites that need additional rules, we create a child policy that inherits from the base access-control policy. I...
Forum Posts
Hi All, Can we copy & paste rules from one policy to another in FMC ? I am in middle of a migration where we are using FMT tool to migrate rules however we are facing lot of issues. Every time we run FMC, it creates a new policy however we want to cr...
Resolved! Disabling SIP
Hi, I need to disable SIP in my FTD. However, I don't have the options to issue the below command configure inspection sip disable . I only have the below: audit_cert Change to Audit_cert Configuration Modeconfigure C...
Hi, I have a firewall that is setup to connect to outside devices via IKEv2 vpns. I need to find out how many connections have been made and how many ip's are leased from the Firewall? Any help on this would be greatly appreciated. Thanks
We are trying to configure our Cisco for SIP but after opening all the requited ports we do not have audio. We can call extensions from different locations, just can hear each other outside of our location. The IP phones in-house we can call and hear...
I have a rather stubborn occurrence. I keep getting: Deny IP spoof from (10.87.88.1) to 10.141.36.60 on interface inside. This is connected via VPN. 10.87.88.1 is the VPN Termination point. It is a site to site connection. The 10.141.36.60 i...
Hi everyone We recently purchased 4 x refurbished C-20 codecs for our distance learning program with our satellite campus. Our original C-20 performance were beginnning to slow down.We have been using our Cisco Telepresence appliances for almost 10 y...
Hello, After upgrading our FMC 4500 to 6.5.0, we can no longer SSH into it.Here are the symptoms:1. Before upgrade, we could successfully use Putty and SecureCRT to access CLI via SSH2. We are trying to use Putty and SecureCRT and neither emulator is...
I’m having an issue where I can’t reach one of the outside interfaces on the ASA.I keep getting in the logsFailed to locate egress interface for ICMP from outside2.Here is the high-level topology.2 outside interfaces1 called outside1 (the one I can’...
Resolved! Re-convergence does not work on FTD
Hi Forum, we have a pair of FTD2140 running patch 6.4.0.4 in HA setup. Default HA timer are used. Re-convergence does not happen after a failover. All interfaces are in "normal" status when doing "show high-availability config" from CLI. Is this beha...
Resolved! Failed to update IPv4 configuration
Hi Forum, I am trying to change the IPv4 configuration but get the error message attached in the screenshot. I'm not able to ping/SSH the old IP from a directly connected interface either. I have two FTDs directly connected and the other one function...
HiIs it possible to export the endpoint compliance report from Cisco AMP console in pdf format?. If yes, please share the stepsThanks.
Resolved! User Account permissions in ASDM
Can you configure user account permissions that apply to ASDM interface from the CLI? For instance, I need to gove someone red only access to the ASDM so they can view but cannot make changes to the config.Can this be done using the CLI?Mario
Hi,I am having issues with an ASA 5525 post upgrade to 9.6(4). Some websites/apps cannot be reached. sites like www.google.com and www.youtube.com work but www.cisco.com and facebook do not. I fear I messed up my xlate/pat config some how. I strip th...
Hi guys, Is there a way to download the packet capture file from a specific context? I know that I used to use https://<ASA_IP>/admin/capture/<capture>; to download it if it is just one context. The ASA uses mgmt 0/0 for management and it is connect...
