Hi there, I'm reading the list of topics for the IINS 210-260 exam here: https://learningnetwork.cisco.com/community/certifications/security_ccna/iins-v3/exam-topics I'm using the official cert guide and if I check Appendix B for exam updates some co...
Forum Posts
GreetingsI've been running ASAs with Firepower services 5508 up to 5525s for some six years now and would like to know if there is some consensus out there on where the majority of ACL should be implemented. I've always had an idea of keeping the bas...
Hi , Pls tell me Is it necessary to have 8GB DRAM and 8GB Flash memory for IPS/IDS functionality to work on CISCO 1100 Series. If yes does it mean only C1111-X8P (X indicates advanced security features) is only product with IPS/IDS. We cant use C1111...
In Release Notes for the Cisco ASA Series, 9.7(x), there is a mention below:Dynamic RRI for IKEv2 static crypto mapsDynamic Reverse Route Injection occurs upon the successful establishment of IPsec Security Associations (SA's) when dynamic is specifi...
Hi guys,I would like to know does any of you have experience with Firepower 2110. I found that neither BVI (on routed mode) and redundant interface are not supported on this device. So, what the replacement would be? How to enable redundancy?Thanks i...
Resolved! cisco firewall buying - vpn sessions
Greetings,My customer is asking for a firewall with Number of concurrent VPN tunnels= 10,000 and Number of security policies: 16,000 . I am not able to find in Cisco this. Can someone please share their knowledge and experience about this? Is 2140...
Hi,I have AMP for network on Firepower 2130, have configured file policy etc and have been using this site to testhttps://www.eicar.org/?page_id=3950. Http request are blocked by AMP, however https are not, we then configured ssl decryption, import c...
Okay so in my last discussion I wasn't getting an IP address from the ISP. Now I'm getting the ISP assigned dynamic IP address on the ASA, but I'm not getting the DNS servers of the ISP automatically on the ASA. I do get the DNS servers automatically...
Somewhere in upgrading to ASA code 9.1.4 and CX code 9.2.1.2 (52) we've run into a known and as yet still open bug (CSCud54665). The symptom that we experienced was frequent failover back and forth due to 'Service card in other unit has failed'. Th...
GreetingsI'm attempting to use an ASA to route two VLANs to an outside interface that uses NAT/Port Forwarding on the outside IP to access several servers within one of the aforementioned VLANs. The following diagram shows the topology. The router...
Hello everybody,I have a ASA5505 running OS rel. 9.1(7)32.Between this ASA and the target network are two different lines, one with encryption (S2S VPN) and one MPLS line.Depending on the source IP network I need to route that packets defferently.The...
Resolved! ASA L2L session is normal ??
If you look at the L2L VPN Session, you will see nothing in the session list.The configurationone ASA5525 (headquarters) and two ASA5516 (branch offices) are connected5525's outside IP is connected to Dynamic. I attach running-config.Help me plz!!!
After snort auto update, FTD gives the below error. The 3DES/AES algorithms require a Encryption-3DES-AES activation key. Is it related to 3DES-AES encryption license ? Does anyone experience with same issue? Any workaround ? Thanks in advance.
Resolved! Whitelist IP from IPS
Have a pair of 5515-IPS that are having a pen test done soon. We need to whitelist the pen test company IP addr from the IPS module. Does anyone have any suggestions on how to do this? Had thought of possibly excluding those addresses from the poli...
My question is pertaining to the flow of traffic with an ASA 5555X with the FirePower services module and a WCCP Redirect to a WSA appliance. I would think that the traffic flow should occur such as: Http traffic --> ASA --> FP IPS --> WCCP to WSA...
