Site-To-Site tunnel is established but inside local network does not have internet.In Tunnel connection profile i am not able put a check mark on NAT Exempt.Enclosed .txt is config. Please help..☺
Forum Posts
We have vpn-idle-timeout set to 120 mins. My understanding is it will kick in when a user losses network connection i.e pc going to sleep or network interruptions. If idle timeout expires then SSL tunnel drops and inactive timer starts. Does the user...
Resolved! Firepower 2110 bandwidth monitoring
I have recently migrated from an ASA 5525-X to a Firepower 2110. I had PRTG connecting to my old ASA and logging the bandwidth usage on the inside and outside ports via snmp. I have not been able to find a way to replicate this to the new Firepower...
Resolved! Cisco ASA isolate inside clients
Hello Cisco community! I'm facing problem which I can't solve for few days so maybe you guys can help. I have Cisco ASA 5506 with network structure like on attached diagram. I have one "inside" network 192.168.0.0/24. My goal is to isolate all intern...
Hi We have a number of 2960S switches which are vulnerable to this PSIRT. The IOS software checker says that the 1st fixed on non-affected release of IOS is 15.2(7)E2.However, the latest available IOS to download for the 2960S is 15.2(2)E9, which is ...
Dear experts, We are having 2 physical cisco ASA firewalls and both are in multi context mode. The problem i am facing is, Fail over is fail. I found out that on standby ASA, the link is showing down. I changed the cable but still the issue is there....
I was configuring the remote syslog server on my cisco ASA5505 ( version 8.2.1) over port TCP 1514,after configuring this i was facing issue with my existing working connection. By checking the syslog message able to see that same port TCP-1514 has ...
I need to identify when access rules & NATs are created in ASA 5500, this is required for audit in my company btw.The question is:Is it possible to know when an access rule / NAT rule is created in ASA 5500 ?? I haven't found any commands/solution fo...
Hello All, is it possible to monitor embryonic connections on FMC? - 6.3 - using a "custom widget" on the dashboard I am aware I can see this via the CLI of the FTD however I would like to know if it's possible to create a widget to show this info ...
Resolved! Ise dacl and vpn filter
Hello ,In a scenario that ASA has it's vpn-filter-list and after the posturing check a DACL is also assigned.Both lists works or the DACL overrides asa-vpn-filter ? Spyros
Hi all,I am facing issue: Firewall Cisco Firepower block traffic between 2 zone but I not show block traffic on event.I decriable about my system:1. I have Firewall Cisco Firepower running HA, and have 2 zone: Sec-zone and User-zone.2. I take capture...
Resolved! NGFW and port scanner
Hello everyone, please help with an understanding of NGFW processes.When scanning an external network protected by firepower ftd 2130, the scanner shows open ports on hosts that are explicitly closed in FMC, and when trying to connect to an allegedly...
hi,i disabled anyconnect/webvpn on an ASA FW since it's not being used and to help reduce the vulnerability on the FW.i got a warning prompt below and was wondering if this is normal? my google search is failing me and i want to know what does it mea...
Hi there. I have two ASA5506Xs which have started rebooting daily. It appears to have started once I renewed their SSL certificates. However, everything SSL wise appears to be working fine. The two devices are connected by a network tunnel. Thanks
When I remotely ping from a remote network 192.168.210.x to a server (192.168.17.x) it fails.1. I have already enabled "same-security-traffic permit inter-interface"2. I have already a policy map to do TCP state bypass the ASA logs show:4Jun 26 20201...
