Hello I want to confirm if this deployment would work or not. We would have a asa firewall (external) conected to the internet router. The link between the internet routers and the asa would use a public ip address range. And another asa (vpn) con...
Hi, I am trying to get the AnyConnet VPN client device's hostname in ISE. DHCP profiling probe is enabled on ISE and works for LAN devices. AnyConnect is 4.6 version. The headend firewall is FTD 2110, 6.2.3. ISE is running 2.4 patch 5. The VPN...
I have Cisco ASA 5510 that we are looking to replace. We would like to replace it with another Cisco Appliance. My Question is 2 parts. Part 1 I am not extremely familiar with the Cisco line of products. The main requirements are VPN and we have 2 ...
How are you handling service allowance where wildcard domains are the only firewall configuration provided? Specifically I am looking at a server that needs access to Microsoft PowerBI services. I have attached the documentation provided by Microso...
Hello unable to access internet, packet tracer from inside to STC shows that packets allowed but still can not access internet. hereinafter ASA configuration. ISP router connected to interface 0/2. interface GigabitEthernet0/0 description ** LAN I...
Hi Community, I am stuck in here as, VPN is successfully established between DC & Site1 but traffic (icmp or any other) is not flowing. Kindly help. Below are the two site IKV1 configuration. Site 1: object-group network Datacenter_nwnetwork-object 1...
hi, Anyone know if there's a official hardening guide for Cisco Firepower 4100 series platform ? I only manage to find guide for ASA Firewall http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200150-Cisco-...
12 years as a firewall guy... and this is a first for me.I have a request to allow firewall access to an app that apparently uses tcp port 0. I thought it didn't exist... but good-ol' google proved that wrong. I did find this comment: " Port 0 is ...
I have 2 FTD 2120 Firewall with HA. I manage these by FMC. I need to port forward to my web server IP. For example: In my Firewall WAN there is IP Gi 0/1: 1.1.1.1 & 1.1.1.2. Routable Public IP Gi 0/2: 2.2.2.1/29 LAN IP Gi 0/3 : 10.10.10.10 Can anyo...
HelloI have 802.1x configured on my Cat 3560 switch stack. For the most part everything works fine but I keep running into users who have printers that go into sleep mode and then the port reverts to a dead default vlan99. When the user goes to print...
I am considering re-flashing my ASA5506 from ASA to FTD. I am reading that there is a license required for Remote Access VPN operation, but all documents mention SSL (or "Anyconnect"). Right now using the "traditional" ASA OS, my ASA has no problem r...
Does the aaa commands/configuration copy to standby firewall? I can't seem to get to my secondary ASA. Message TextFailed-Attempt: Session Authorization encountered an errorFailure Reason15020 Could not find selected Shell ProfilesResolutionAdd a s...
Hi, I am moving some rules from a checkpoint firewall (r77.30) to an new ASA pair (9.8(2)28 one of the rules I have seen has 2 internal hosts sharing the same external IP on the same ports. is there anyway to do this on the cisco? e.g. outsid...
Hi all, I've searched the internet high and low and cant find a definite answer to this one. With the old ASA's with the firepower modules is CTR+PROTECT licenses enough for the IPS to work and generate IPS events in the event viewer (adsm) or FMC? ...
So i am trying to connect a virtual PC into GNS3 ASAV using any connect. Typically Anyconnect is never a problem for me, but now when I try to connect, it goes through all the motions. It asked me do I want to accept the self signed certificate and...
