Hello All, We have enabled sysopt permit vpn to bypass the external ACL for cisco anyconnect vpn but there is weird thing happened when the packet-tracer was always checking the external acl and never the vpn-filter in the group policy. Why i think t...
Forum Posts
Resolved! Doea ASA multimode support ebgp?
We have a need to build bgp with AWS over ipsec-gre from a multimode asa. Is it supported?
Resolved! PID: ASA5508
upon reboot, the status led starts flashing and the device turns off completely, after that 3-5 minutes does not respond to the button ... it stands with the button turned off, then it starts normally ... ciscoasa# reloadProceed with reload? [confirm...
Resolved! NAT rule on cisco ASA
Hello Experts, I am new to security, please bear with me, i am practising NAT on Cisco ASA and referring below link. https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/nat-reference.html1) NAT for I...
Hello, Is it enough to monitor the number of connected users + main CPU to understand the overall health of ASA? I'm concerned about VPN offload and as a result, the main CPU being flat while Crypro subsystem loaded and strugglingHere are some exampl...
I would like to setup a backup internet connection but I don't want the connection to failover if one IP address or sla monitor is down. I would like at least two to fail before it goes down. The only way I can think of is the config below. Is ther...
Good morning all, First of all I hope everyone is staying healthy during these crazy times. I've been trying to solve this issue for over 3 days but just can't seem to wrap my brain around it. I have a webserver with an internal IP address of 192.1...
Resolved! Best type of RSA Keys to configure?
I was thinking of configuring RSA using the label-key syntex so I don't have to configure a domain name. Should you really configure them to be exportable? Basically just trying to understand better the options explained in Cisco Docs with keeping go...
Hallo, We have 2 sites connected through a site2site VPN between an ASA5516-X on site1 and ASA5505 on site2. Everything works fine both ways.Our problem is that an AnyConnect client connected through ASA5516-X on site1 can’t reach devices on site2 re...
Resolved! How does MPF framework on ASA
HelloMy question is more theoretical than practical. I try to study content of CCNA/CCNP Security certification on my own and I don't get one thing regarding the ASA and Modular Policy Framework.I saw one CCNP CBT nugget video when guy showed us in A...
Hello, I receive the following error in FMC I have tested and the connectivity is ok. Any ideas? Thanks and regards, Konstantinos
Hi, we are trying to change the app-agent heartbeat of 1000 to 3000 using flexconfig policy on FMC but it is not working. can anybody help us with that? we did something wrong for sure Thanks
Hello, We are using a pair of Firepower 2110s running FTD version 6.5.0.4, managed with an FMC. Remote VPN with anyconnect has been successfully configured with a split-tunnel arrangement of "tunnel all". An outside/outside NAT rule was added to al...
I'm having issues connecting to clients to Trends WFBS (cloud) through and ASA5508 running firepower. I can install the agent and everything updates correctly but clients can not connect to the console. From what I can gather the clients connect to...
Resolved! 5505 to 5506 SOHO w/ VPN
Hello, I've used the ASA 5505 for years and recently got some 5506-X units in to setup as home office devices for users working from home. I knew there were some differences but I'm confused on a few things when comparing the configs between the 5505...
