In Release Notes for the Cisco ASA Series, 9.7(x), there is a mention below:Dynamic RRI for IKEv2 static crypto mapsDynamic Reverse Route Injection occurs upon the successful establishment of IPsec Security Associations (SA's) when dynamic is specifi...
Forum Posts
Hi guys,I would like to know does any of you have experience with Firepower 2110. I found that neither BVI (on routed mode) and redundant interface are not supported on this device. So, what the replacement would be? How to enable redundancy?Thanks i...
Resolved! cisco firewall buying - vpn sessions
Greetings,My customer is asking for a firewall with Number of concurrent VPN tunnels= 10,000 and Number of security policies: 16,000 . I am not able to find in Cisco this. Can someone please share their knowledge and experience about this? Is 2140...
Hi,I have AMP for network on Firepower 2130, have configured file policy etc and have been using this site to testhttps://www.eicar.org/?page_id=3950. Http request are blocked by AMP, however https are not, we then configured ssl decryption, import c...
Okay so in my last discussion I wasn't getting an IP address from the ISP. Now I'm getting the ISP assigned dynamic IP address on the ASA, but I'm not getting the DNS servers of the ISP automatically on the ASA. I do get the DNS servers automatically...
Somewhere in upgrading to ASA code 9.1.4 and CX code 9.2.1.2 (52) we've run into a known and as yet still open bug (CSCud54665). The symptom that we experienced was frequent failover back and forth due to 'Service card in other unit has failed'. Th...
GreetingsI'm attempting to use an ASA to route two VLANs to an outside interface that uses NAT/Port Forwarding on the outside IP to access several servers within one of the aforementioned VLANs. The following diagram shows the topology. The router...
Hello everybody,I have a ASA5505 running OS rel. 9.1(7)32.Between this ASA and the target network are two different lines, one with encryption (S2S VPN) and one MPLS line.Depending on the source IP network I need to route that packets defferently.The...
Resolved! ASA L2L session is normal ??
If you look at the L2L VPN Session, you will see nothing in the session list.The configurationone ASA5525 (headquarters) and two ASA5516 (branch offices) are connected5525's outside IP is connected to Dynamic. I attach running-config.Help me plz!!!
After snort auto update, FTD gives the below error. The 3DES/AES algorithms require a Encryption-3DES-AES activation key. Is it related to 3DES-AES encryption license ? Does anyone experience with same issue? Any workaround ? Thanks in advance.
Resolved! Whitelist IP from IPS
Have a pair of 5515-IPS that are having a pen test done soon. We need to whitelist the pen test company IP addr from the IPS module. Does anyone have any suggestions on how to do this? Had thought of possibly excluding those addresses from the poli...
My question is pertaining to the flow of traffic with an ASA 5555X with the FirePower services module and a WCCP Redirect to a WSA appliance. I would think that the traffic flow should occur such as: Http traffic --> ASA --> FP IPS --> WCCP to WSA...
Hello EveryoneWe would like to deploy our 4120 as a Multi-Instance Container to have more flexibility in the future, without the need to get new boxes.Now in the Multi-Instance Guide and the FTD/FMC6.4 it states that the following features are not su...
Resolved! ASA session Check in Asymmetric Routing
I have a question regarding ASA session checkImagen this situationWe have an ASA which is Building two VPNs (Site-to-Site) to the Cloud and in the Routing table there is a loadbalancing to the Destination in the Cloud over the two VPN connections.(Lo...
Hi, Currently i have an ASA firewall on HO which is also the gateway for the users/servers etc... have a dark fiber connected to DR, we will have same subnet there and will have new firewall Cisco Firepower 4120. in the event the ASA goes down , how ...
