I am in requirement of double NAT (Primary and Secondary) in Cisco ASA, I need to configure single public IP to 2 different Inside Local IP address, in any case primary IP address fails, ASA should nat public IP to secondary IP. How do I achieve this...
Forum Posts
We have just received 18 ASA 5506 swap from the 42/82 RV's installed on our customers. Currently the role of the RV is to be the LAN gateway of the AP's, Loadbalancer, and VPN with the matrix of Oi for management.Now, as we know little about ASA5506,...
Resolved! FTDv/NGFWv in AWS BVI issue
Hi, I've deployed an FTDv/NGFWv in an AWS VPC, changed the firewall mode to transparent, and registered it to an FMCv. I've attached two additional network interfaces to the FTDv in the same subnet "192.168.1.0/24". Now when I try to create a BVI...
Resolved! FTD multi-instance parent type
Hi,Based in the following link: https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos241/cli-guide/b_CLI_ConfigGuide_FXOS_241/interface_management.html#id_20107 in application management in FTD they have the following interface type:- Da...
Hi Everyone. I've been trying to setup a simple network which has 1 firewall, 1 switch and 2 PCs. Please see the attachment for the topology. My goal is that I want my PCs can ping 8.8.8.8 of the 'internet' switch (from my attachment). But for now,...
Greetings all, Want to ask the community if any native IOS-XE functionality exists to dynamically perform Geo-IP filtering on public Internet facing interfaces? Obviously you can do this with FirePower, but that is a next gen firewall that is design...
Hi, I need some help with Cisco ASA configuration. Basically I have one dummy switch used to feed my active/passive firewall. On that switch I have following configuration: ip subnet-zeroip routing!ip route 0.0.0.0 0.0.0.0 xx.xx.xx.113!vlan 101name i...
Let us assume i have a firepower sfr model running with older version5.3.X, now I want to upgrade that module to 6.2.xNow the question is, can i shutdown sfr and uninstall the existing version and upgrade the latest version ?Or I have to follow the u...
Hello, I attempted to migrate anyconnect from ASA to FTD. We currently authenticate users using certificates only. The certs are issue to domain machine via our internal PKI. I exported the pkcs for the public cert and enrolled in FMC and that worke...
I'm looking for documentation on configuring the IPS features on a firepower 2120 running ASA code. Any help would be greatly appreciated!
Resolved! ASA 5508 - VTI site to Site tunnels
We have a few sites in out environment all connected with site to site tunnels on our ASA's all using VTI routed ipsec tunnels. This is all using BGP on the back end for routing. This has been working great. We are adding a second ISP at office A. Th...
Hello, I am using a FirePower 2110 and created a new admin account (myadmin) besides the pre-defined admin account (admin). I was able to login using both admin accounts; the pre-defied (admin) and the new one I created (myadmin). To follow our ISO...
Hello, We purchased several FirewPower 2100s but not using the FTD; however, we are only using the hosted ASA. I was trying to create sub-interfaces on the ASA and was able to. The ASA's config show the sub-interfaces. I spent hours just trying to...
Hi, I'm using a Cisco ASA 5545x in Multi Context mode. I have a license and use Cisco AMP and thought of moving to FTD, but I've reliased that FTD dosen't support multi context. Is multi context on it's way? or is multi instance similar? many thanks,...
Hi, Is it good practice to enable IPS on the core router to inspect internal traffic?Please mention bad impacts to normal traffic.On the edge firewall IPS is enabled. Thanks
