What if we want to monitor a destination which is reachable through a Site to Site VPN? I have configured it by using the inside interface to source it, but unfortunately this is not working. Below my config:
sla monitor 20 type echo protocol ipIcmpEcho 192.168.72.254 interface inside frequency 5 sla monitor schedule 20 life forever start-time now
Unfortuntately, I'm getting timeouts as if traffic is not making it:
Entry number: 20 Modification time: 11:07:03.109 EST Thu Dec 19 2019 Number of Octets Used by this Entry: 2056 Number of operations attempted: 8031 Number of operations skipped: 8029 Current seconds left in Life: Forever Operational state of entry: Active Last time this entry was reset: Never Connection loss occurred: FALSE Timeout occurred: TRUE Over thresholds occurred: FALSE Latest RTT (milliseconds): NoConnection/Busy/Timeout Latest operation start time: 09:25:08.110 EST Fri Dec 20 2019 Latest operation return code: Timeout RTT Values: RTTAvg: 0 RTTMin: 0 RTTMax: 0 NumOfRTT: 0 RTTSum: 0 RTTSum2: 0
However, if I manually source the ping it works fine:
ASA# ping inside 192.168.72.254 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.72.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/8/10 ms
Attackers will always target the "low hanging fruit": devices that have passed end-of-software maintenance and end-of-support. A few years ago, Cisco described the evolution of attacks against infrastructure devices. All of the attacks discussed in t...
I somehow stumbled upon Cisco's IBNS 2.0 Auto Identity (AI) templates in my CML/VIRL IOSv layer2 image (IOS 15.2(6)).
I find these templates great, because these are the best practices that we tend to hard-code manually - e.g there are...
Hello. Thanks in advance for any input. I have just spun up a Cisco ISE lab and having some issues with the certificates. I created a self-signed certificate to be used with EAP and admin. DNS name of ise1.example.local points to the ...
Adversarial Tactics and TechniquesA Call to Action
Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. Cisco ISE supports posturing of endpoints with different ...
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.
We make improvement...