Hello,When clients over anyconnect try to access services via ASA, do they use the vpnfilter first or is it the ACL on interfaces that apply first?I am confused between vpnfilter & interface ACL , both are present in our case. Appreciate all help.
Hi I am trying to use eigrp on the cisco asa, simple setup (see diagram below) the link between sw1 and sw2 is just trunk (allow all the vlans)the link between sw2 and ASA is a layer3 link 2 svi created on sw1 =======================================...
Hi, We have Cisco Firepower 7000 series boxes running 6.2.3 installed in transparent mode in our customer network managed by FMC.The customer has some Gre tunnel traffic passing through PF , which is being decapsulated/decrypted. The customer has req...
Today we have on one customer a vFMC and 2 FTD (Primary and Secondary)I want to update the firepower 22xx from version 6.2.3.4 to version 6.2.3.11, but I want to update only the Primary FTD and the Secondary FTD to leave it off and not update, if the...
Running an ASA5505. Version 9.1.1. I have the following in the configuration.. Using PAT (And some static NATs inside but not shown here).object network obj_anysubnet 0.0.0.0 0.0.0.0access-list outside_in extended permit icmp any any echo-replyacces...
Hello all,Can you please help me to understand why i am gettign same IP repated in trace route:-tracert 103.1.191.10Tracing route to 103.1.191.10 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 10.10.10.10 2 <1 ms <1 ms <1 ms 10.1...
Hello, dear All!I have problem with icmp traceroute configuration. When I enabling icmp error inspection in global policy, my traceroute results through ASA 8.2.4 looks like this: ...
I have a cisco ASA cluster for remote VPN connections(Anyconnect) . As seen below, when you use show vpn-sessiondb, you can see there is only 1 IPSec tunnel, used to monitor the VPN load-balancing cluster status. Our reporting tool (Cacti) , sometim...
I have 1 Firepower Management Center Virtual Appliance version 6.3.0.1. I need to add 6 FPR2120's running FTD to the Firepower Management Center Virtual Appliance. What would be the correct license to purchase. All FPR2120's have Smartnet 24x7x4 I ha...
So I have a basic lab setup - see attached. My outside host machine is able to ping my internal host when icmp is not enable on the ACL on Outside. Anyone know why this may be or is the case? ASA# sh run: Saved:: Serial Number: JMX184940D6: Hardw...
Hello,I currently have an ASA Firewall under my office Network that is being configured. Our network has a public IP address: 46.198.141.94 with 46.198.141.93 as its gateway. Our ISP is also giving us a free /29 block ( 77.69.37.56/29 ) that we need...
As I begin to work more with the FTD/Sourcefire and FMC combination I really being to miss the ability to tie rules to just an interface and not have to think about order of operation when placing rules. I have mandatory and default, I always put my ...
Hello, Everyone, I have an ASA 5525x w/IPS module which I need to migrate to FTD.I used a Firepower Performance Estimator https://ngfwpe.cisco.com/dashboard Right now ASA 5525x consumes 50-60% of cpu. Conditions:Traffic: ~200 Mbps Enabled Features...
Hi, Does anyone know when CSM version 4.19 is planned to be released? It looks like that we are hitting the following bug but on 4.18 not 4.16: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk08347/?rfs=iqvred ASA version is 9.10, so we need a...
Hi,We've installed a virtualized FMC 6.3.0.This VM is on lab environment just for test, without any device managed, Internet access or any license added. Now, 6.3.0.2-67 patch, Snort Rule update and Vulnerability And Fingerprint Database have been up...
