We had upgraded 3 of our firewalls in the last week. Those were ASA 5510s
and were running on 8.2(2)16 before. They were upgraded to 8.4(4) last week. We have
Wireless Access Points in the external segment (outside firewall) and after the firewall
was upgraded, we saw that 3 of our wireless APs could not get IPs (the DHCP server resides
in internal LAN segment), while the other three APs got IPs. Rebooting the firewall also
did not help. We then downgraded the firewall to 8.2(2)16 and all 6 APs immediately got
IPs. Is there a bug related to DHCP relay on 8.4(4)?
I tried to look for, but there are no current bugs related to dhcp relay on ASA, I suggest you take captures and dhcp debugs to identify the cause for denial, only then any possiblity of a bug can be ruled out. Right now we dont even know whether it is the ASA or anyother device causing the issue, you need to first isolate that.
I upgraded three ASAs (1 5505 and two 5510) to 8.4(4)3 and on all three ASAs which were providing DHCP services to connected networks stopped working. Users could not get DHCP addresses from the ASAs running 22.214.171.124.
I did packet captures from the desktop, basically I see the DHCP requests leaving the desktop, but no replies from the ASA.
I downgraded the ASA to 8.4(4)1 and DHCP immediately starting working again.
I then upgraded back to 126.96.36.199. DHCP failed again. Downgraded the ASA to 188.8.131.52, then DHCP started working again.
For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b...
Automation and programmability for networking and security are increasingly important topics. Every release since ISE 1.2 has included new REST API capabilities to better automate and integrate ISE with the rest of your network, appli...
The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA:
Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.
We make improvement...
This document presents the ISE data limiting best practices that can dramatically improve the system performance on ISE.
Your deployment may be impacted if the alarms tab on ISE shows High load average, high CPU or high memoy usage alarm...