I have configured Netflow on CISCO ASA 5516, but seems like I have wrongly configured the interface, can anyone help me to change the interface or remove the old netflow config and configure the new netflow configuration.If anyone can help me with th...
Forum Posts
I have an ASA5505 running for some time with remote users able to access the central office LAN / servers etc and also able to connect to the internet via the central office connection. For local printing, these VPN (IPSEC) cleints use printers on t...
Resolved! ASA5506X Performance Capabilities
Hello, We have an ASA5506X running 9.6.1. We are currently running a VPN tunnel using: Ikev1 with AES-256, SHA1, and DH 2, and it runs very well. We are considering changing the config to use: ikev2 with AES-256, SHA256, and DH20. Can anyone tell m...
One of our clients deployed an ASAv in their Azure environment. I was informed they want to setup a S2S tunnel from it to their physical ASA at their HQ. I haven't been able to find anything on configuring the S2S tunnel on the ASAv side. Accordin...
Hi! Since recent availability of ASAv for Microsoft Azure I have question about network design. Currently it is possible to have 4 network interfaces in ASAv, so we limited to 3 subnets in Azure VNET. We have more than 3 subnets and Azure Gateway for...
Firepower management centre is not able to deploy policy to sensor modules. I have tried to deploy manually.Just noticed there appears to be some deployment failures and it has advised we raise a TAC case.I have tried to manually deploy and it still...
Hi, I am having proglem to get work from outside network to inside network. I have made nat rules etc already and giving permissson, tried use tcp and udp ports. Inside network everything is working. I have tried 1433 and 3838 ports both are working ...
Hi all, In the production network, we are using firepower 9300 with ASA 9.8.2. during NAT translations we are getting " Duplicate TCP SYN from CGN_INTERNET: X.X.X.X/58487 to CGN_INTERNET: X.X.X.X/25268 with different initial sequence number". please ...
Hi all We have an ASA 5510 which was installed at a site some time ago, however I have recently migrated the site's traffic to it away from a previous router (Meraki device of some description) There is a CUCM server with a SIP trunk to the inter...
Resolved! Deploy SFR: Inline or Monitor
DearHow are you? Implementing two sfr modules in ASA failover firewall will be managed by an FMC. For 3 weeks you will be only monitoring the traffic and analyzed through the FMC to define the signature bases that we will block, I have a period to le...
Resolved! tricky NAT issue on ASA 9.1
hi guys, I m facing a tricky NAT issue here, it's quite strange....here is the story :we have a subnet 192.168.2.0/24 and have 2 public IP on ASA(9.1)all the subnet is dynamic NAT to the outside interface.and now I want to add an internal IP to stati...
Hello everyone, I'm currently running Firepower 6.2.3.9-54 on ASA 5516-X 9.8(3)-16 (currently running in monitor only mode). I've created an SSL Policy and attached it to an ACP. The SSL Policy is configured to 'Decrypt - Known Key' for a single web...
I am trying to open up all the ip ranges that Cisco says it needs for webex to talk to my sparkboards. Is there an easy way to create a network object group that has multiple ranges in it? I am running ASA 9.8.2 if that makes a difference. So for...
Hello, I've been working on this and could not find out why.I have an esxi server and a web server.I can port forward to my test webserver with no problem using:static (inside,outside) tcp interface 8080 192.168.6.251 www netmask 255.255.255.255 But...
