Under "Build Filter" I don't see anything related to filter for "deny" or anything else other than ip, ports, etc. I'm probably looking in wrong place. Anyone know good doc to refer to I can't find on Cisco.
Forum Posts
Hello i have ASA 5506-X with Firepower threat defense (6.2.3 build 83 ) and Firepower management center version 6.2.3 and i make all re-image configuration as guide https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200884-installing-...
Hi, I noticed the default hello/hold timers on FTD (Cisco FTD 4110 6.3) are 60/180 seconds, although the link speed is more than T1 speed - link is 20 Gbps. The other end of my FTD is a Catalyst 9500 with default timers of 5/15 seconds. I can chan...
So I am looking at logs on my ASA5505 in my lab and noticed when doing pings from a host on the Outside interface, the source IP in Real-time log viewer is the Outside interface and not host machine - see attached. Also, I don't see pings on the lo...
Hello Community Members, I've just recently run accross my config and noticed I have an Internal Control and Internal Data interfaces in my Cisco ASA 5516-x. Internal-Control1/1 127.0.1.1 YES unset up upInternal-Data1/1 unassigned YES unset down do...
Question: Is the IPS configuration the same for the 2911 router as the 4240 IPS? Thanks, joe.
Hello All, I am trying to configure an UCS-E Box with ASAv installed on it at VMWare side. If you see the Diagram it will be more easier considering what I am thinking to execute. ISR router model is UCS-E140S-M2/K9 with in built switch install...
hi I'running Cisco FMC on VMware, what I did was in the GUI in the The Access List,removed any, replaced with my LAN ip subnet as source for: 443 (HTTPS)—Used for web interface access. 22 (SSH)—Used for command line access. "By default, access ...
Here is the setup. I have a single ASA, and single Microsoft NPS server acting as the Radius server. I would like to have two VPN group profiles on my NPS server, one for each of my two user groups. In the past, I have resorted to using two NPS/Rad...
We are doing a tracert to our internet router. The first time it takes 3 hops The first hop is the Cisco L3 core switches The second hop the firewall The third hop the internet router. The second time i do a tracert from the same machine an few se...
Hi, We are having a issue with our Firepower User Agent for AD. During the last week the user agent has stopped the service a couple of times. So this caused the mapping of the users to be lost. Looking in the agent we saw the lines pointing to the...
i have some problems about packet-tracer in ASA9.8, The asa config Static NAT and dynamic PAT packet-tracer input outside tcp IP_1 50021 IP_2 21 IS IP_1 is real address and IP_2 is Mapping address ? thanks zhixin
Hi, I am trying to learn about certificates used by the Cisco ASA, Can you please recommend a resource or document that has this information. Thank you
Hello community,sorry for my bad english,i want use function remove objects "Not Used" for cisco ASA 5515, but my team say it this can lead to bad consequences (nat, acl remove). I can not find to what exactly problems. Is there a risk?
According to NAT section rule section 2 should be processed before section 3. In my test LAB the section 3 get processed. In other words Twice-NAT (after-auto) get processed. Expected is section 2 object NAT + PAT There are two rules 1) Object...
