Hello Firepower community,On Firepower 6.4.x does anyone if it is possible with FMC/FTD to configure SSL inspection bypass using FQDN of target host?I have configured bypass using certificate issuer DN and while this does bypass SSL inspection for co...
Forum Posts
Trying to implement a SSL cert for the web server on a Firepower 1010.Not managed by a FMC (yet). Still in Testing/R&D phase. I'm not using a known/trusted certificate authority. I have my own CA cert, generated locally, distributed locally, then use...
Hi,I am getting the below from the crash analysis , I would like to know the crash might be due to the cpu hog ? and What is that Process: IKE Receiver Long CPU hogs of 500ms or more occurred recently (within the last 5 minutes), which could contri...
After a disconnection occurred in a videoconference, troubleshooting was initiated to identify the root cause. After log analysis, we found that the call was disconnected by H.323 timeout. However, I would like to know if you have any ASA parsing or ...
Hi, How could I configure on a FTD 6.4 (FMC) the " Microsoft CHAPv2 Cabable" option that is avalable on ASA for a Radius server authentication ?
We configured the IP SLA on Cisco ASA's to track the end to end connectivity of the internet lines. We wanted to monitor the SLA in our monitoring tool (nagios) , i found OID for Routers/Switches but couldn't get it for ASA. Looking for your support
Hello for everybody. Did anyone use scheme, when NAT and remote access vpn (anyconnect) are configured on the same HA pair or cluster of firepower 1120/1140? Is this scheme feasible?
Resolved! Can't ping through ASA
HiFor some reason I can't ping from my internal network to the external network through the ASA in my network. I have attached a copy of my Packet tracer file. Any help would be appreciated.
Dear All,We have configured DMZ on Firewall and our DMZ VLAN ID is 2 (172.16.2.0/24). All the server are running on the same VLAN. Now there is a requirement to create a virtual IP on the same VLAN i.e 2 and will configure static NAT with port forwar...
Hi All, I have a question during my project for ASA High AvailabilityHere's the topology : The Failover already working, but one point was not working .So if we remove cable from ISP 1 (orange cable / A), the traffic didn't go through ISP 2. But if w...
Hi guys,today I am faced with a NAT issue and want to ask you for your valued advice.An external host (and only this host) should access the outside interface of the ASA (OS rel. 8.4(7)30) and this should be translated to an internal server for ALL k...
I'm working towards a 5506 refresh to my 5505 that we have in production. As part of that effort I'm developing a configuration migration process. The problem I am having is in the NAT statements. Example below.. I'm running the latest v9.9 softwar...
Hello, Hello, I can't add more Logical Devices, what do you think is the issue?Is there a limit per license, how can I check that?another question where do we set the this ip address? it's the chassis manager(Gui) interface address Thx a lot
Hi GuysFirst of all excuse me for my bad drawing, I need some help with ASA design.I have two Cisco ASA 5585 which are connecting to two Nexus 7K.I looked at one design and it seems I can make Redundant interfaces on ASA and put two physical interfac...
Hello everyone.We just took on a client with two locations, each with an 5508-X.Before coming over to us, they had just renewed their SMARTnet agreement and FirePOWER services (IPS, AMP, URL filtering) for 3 years with their old IT company.Now here i...
