Please I need your help and clarifications on some features on the new Cisco firepower management center. we recently got these new NGFW but I discovered after analyzing running configuration with Nipper Studio, I discovered some configurations are...
Forum Posts
Resolved! NAT Config
Hi,I have a router which I have inherited with a network. Need to add a port forward to forward traffic on the Dialler0 port tcp/443 to the internal IP 10.20.24.49 on tcp/443. I have tried adding a static NAT statement: ip nat inside source static t...
Hi guys and girls,I have a pretty simple question: is there a way to see which DH-group and/or ISAKMP policy was used in a IPsec VPN tunnel?I know that you can see which encryption and hashing was used with "show crypto isakmp sa", but i was wonderin...
Hi all, Using FMC, I have configured 2x internal sub interfaces (1/14.100 and 1/14.200 which cover subnets 192.168.1.0/24 and 192.168.2.0/24 respectively) and tie them to internal zone. I have also configured an external interface 1/1 (connected to m...
Is it possible to detect and block based on host OS? I'm specifically wanting to block any Win XP and anything less than Win 2008 real 2.
Hi Expert, Customer has below query: Does Fail-to-wire (FTW) interfaces come into picture when NGIPS is freeze or becomes un-responsive(hang). As per me, FTW should act when NGIPS is freeze. Kindly confirm my understanding.
Hi,I need some help, I cannot find the answer for this anywhere.I try to setup NAT rule in ASDM but when I click apply I get Error xlate no more than two interfaces permitted. I also get this error when I do show xlate interface ..... . I dont know w...
Resolved! vpn filter
Hello,When clients over anyconnect try to access services via ASA, do they use the vpnfilter first or is it the ACL on interfaces that apply first?I am confused between vpnfilter & interface ACL , both are present in our case. Appreciate all help.
Hi I am trying to use eigrp on the cisco asa, simple setup (see diagram below) the link between sw1 and sw2 is just trunk (allow all the vlans)the link between sw2 and ASA is a layer3 link 2 svi created on sw1 =======================================...
Hi, We have Cisco Firepower 7000 series boxes running 6.2.3 installed in transparent mode in our customer network managed by FMC.The customer has some Gre tunnel traffic passing through PF , which is being decapsulated/decrypted. The customer has req...
Today we have on one customer a vFMC and 2 FTD (Primary and Secondary)I want to update the firepower 22xx from version 6.2.3.4 to version 6.2.3.11, but I want to update only the Primary FTD and the Secondary FTD to leave it off and not update, if the...
Running an ASA5505. Version 9.1.1. I have the following in the configuration.. Using PAT (And some static NATs inside but not shown here).object network obj_anysubnet 0.0.0.0 0.0.0.0access-list outside_in extended permit icmp any any echo-replyacces...
Hello all,Can you please help me to understand why i am gettign same IP repated in trace route:-tracert 103.1.191.10Tracing route to 103.1.191.10 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 10.10.10.10 2 <1 ms <1 ms <1 ms 10.1...
Hello, dear All!I have problem with icmp traceroute configuration. When I enabling icmp error inspection in global policy, my traceroute results through ASA 8.2.4 looks like this: ...
I have a cisco ASA cluster for remote VPN connections(Anyconnect) . As seen below, when you use show vpn-sessiondb, you can see there is only 1 IPSec tunnel, used to monitor the VPN load-balancing cluster status. Our reporting tool (Cacti) , sometim...
