Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...
Forum Posts
We have 2 pairs of HA 2110 Security Appliances managed from an FMC all running 6.4.0.2 currently trying to get kerberos working All seems correct and in place joined AD, LDAPS, ACL Rule, SSL rewrite policy, Identity Policy configured with a cert usin...
Hi Gents, This is an easy one, but i can"t seem to figure it out. I have a pair of 5515X in failover with three interfaces(inside, outside, DMZ) and a sub-interface(uses the DMZ as main). So i use the DMZ interface to create a sub-interface, i had no...
There is requirement to deploy FTDv/NGFWv in AWS for securing Outbound and Inbound (NAT) connections to Internet. Can FTDv/NGFWv be deployed in Active/Passive mode ? the Appliance only come with 2 Mgmt interfaces and 2 Data Interfaces.How can we depl...
I have a router with two segments. Outside segment is the client and inside is the domain controller. I need to define ACL on Outside interface to allow communication for active directory. Router will use packet filter ACL (no state full inspection...
We are configured Cisco ASA firewall with three network , One Router and a Switch.One Anti-Virus server are used for antivirus server updated, IP 124.124.124.2 which is connected to Campus Router *Campus Router Cisco 1841 Interface Gig0/1 = 124.124.1...
Hi! We have an ASA 5555-X as firewall and our uplink channel is ~350-400 Mbps. And there is very strange thing happen: as more traffic pass through uplink interface as datapath proccesses get big values.For example right now we have ~200 MBps on upli...
Hello, I have firepower 2110 in high availability, managed by FMC. I would like to ask if there is a way to configure a mail to be sent when a user connects to the VPN. Thanks and regards, Konstantinos
Hi,Is it possible to apply PBR on the dmz interface(on ASA 9.8(3)) and use it to re-route traffic directed to the inside interface but change the destination IP address in the process. Basically we need to temporary change the destination(redirect)...
Hi,We are upgrading our ASA cluster 5512-X from 9.7(1)24 to 9.10.1 without changing Anyconnect version My question is , do I need to upgrade hostcan version installed on all my remote access machines ? regards,
Hello Im about to switch from a Cisco 5555X to a 2130 as our main FW. I have several Cisco ASA 5505/5506X/Others with encryptions which 2130 6.5 warnes me will be deprecated in the future. (see picture). I was considering a change in DH groups on our...
Hi,i am having issue with ASA5506x with running software 9.13I need to configure dhcp relay and BVI for LAN interfaces. Issue is, when i create BVI and put interface (gi1/2)inside2 and (gi1/3) inside3 to BVI group, there is no option in DHCP relay to...
I need to set up 6 Point to Point VPN tunnels to business partners. Due to our limited number of public IPs I want all of these to NAT through the same PAT address. Currently I have set up an entry like the below to use as a PAT address: object netwo...
Hello Everyone,It may very well be the time of day I'm writing this and long hours of looking at the screen.. but I'm setting up a lab ASA with an inside and outside interface. Inside interface is connected to a L3 Nexus 3064 using a transit VLAN ( 1...
HelloWe want to integrate Firepower with ISE via pxGrid.We do not have a internal CA server so we want to use ISE as internal CA with local self-sign certs.As far as I know on Firepower I need to generate a CSR so it will be signed by CA (Cisco ISE) ...
Hello, I am trying to figure what would be the ASA configuration that could do the same thing this watchguard does, I need the configuration.that Fa0/0 carries vlan 10, 20 ,30 and they are just vlans, fa0/0 interface is probably a router on stick so ...
