User has a pair of 5525-X's that need to be configured for Active/Passive fail-over running 9.1(2). It's the same as 8.x code, so this is more of a reference. One thing that I did do differently, though, is I configured the failover and stateful links to be a LAN-to-LAN IPsec tunnel. It encrypts all traffic (failover and state replication) between the two firewalls. You can never have enough security, right? I also included a screenshot for you ASDM users.
User would like a few clarifications on ASA active/standby fail-over involving the CSC SSM module. Current status: there is a production firewall running ASA 8.3.1, along with CSC module 6.3. The plan is to purchase another identical firewall unit so that the two will run in Active/Standby fail-over mode.
Question 1: The newly purchased ASA unit's CSC module license has not been activated and installed yet (the customer misplaced the PAK paper license). Is it possible to set up fail-over with one CSC SSM in operation while the other CSC is down because no license is installed on it?
Question 2: The new firewall will be the standby unit. Besides configuring fail-over, do we need to load the AnyConnect image onto the new firewall as well?
Question 3: Can the user just update the ASA version of the production firewall from 8.3.1 to 8.4.2? Would this cause any syntax errors?
On the primary firewall-
failover lan unit primary
failover lan interface FAILOVER-INTF GigabitEthernet0/6
failover link STATEFUL-FAILOVER-INTF GigabitEthernet0/7
failover interface ip FAILOVER-INTF 169.254.254.1 255.255.255.252 standby 169.254.254.2
failover interface ip STATEFUL-FAILOVER-INTF 169.254.254.254 255.255.255.252 standby 169.254.254.253
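An added example, not part of the original post: a small Python audit of the failover lines in an ASA configuration. It checks that failover is enabled, that the failover and state links are encrypted (`failover key`, or the `failover ipsec pre-shared-key` form available from 9.1(2)), and that each link has an address pair in one subnet. The function name and the ENCRYPTED_CONFIG sample are assumptions made for this illustration; run against the excerpt above it reports the lines that excerpt does not include.

```python
import ipaddress
import re

# The five lines shown on this page for the primary unit.
PAGE_CONFIG = """\
failover lan unit primary
failover lan interface FAILOVER-INTF GigabitEthernet0/6
failover link STATEFUL-FAILOVER-INTF GigabitEthernet0/7
failover interface ip FAILOVER-INTF 169.254.254.1 255.255.255.252 standby 169.254.254.2
failover interface ip STATEFUL-FAILOVER-INTF 169.254.254.254 255.255.255.252 standby 169.254.254.253
"""
# Constructed variant: same lines plus the enable and IPsec key lines as
# 'show running-config' prints them (key masked).
ENCRYPTED_CONFIG = PAGE_CONFIG + "failover ipsec pre-shared-key *****\nfailover\n"

IP_RE = re.compile(r"^failover interface ip (\S+) (\S+) (\S+) standby (\S+)$")
LINK_RE = re.compile(r"^failover (?:lan interface|link) (\S+)")
KEY_CMDS = ("failover key ", "failover ipsec pre-shared-key ")

def audit_failover(config):
    """Return a list of findings for the failover lines of an ASA config."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("failover")]
    findings = []
    if "failover" not in lines:  # the bare command is what enables failover
        findings.append("failover is not enabled")
    if not any(l.startswith(KEY_CMDS) for l in lines):
        findings.append("failover and state traffic is not encrypted")
    addressed = set()
    for l in lines:
        m = IP_RE.match(l)
        if m:
            name, active, mask, standby = m.groups()
            addressed.add(name)
            # The standby address must sit in the same subnet as the active one.
            net = ipaddress.ip_network(f"{active}/{mask}", strict=False)
            if ipaddress.ip_address(standby) not in net:
                findings.append(f"{name}: standby {standby} is outside {net}")
    # Every interface named as failover or state link needs an address pair.
    for l in lines:
        m = LINK_RE.match(l)
        if m and m.group(1) not in addressed:
            findings.append(f"{m.group(1)}: no failover interface ip configured")
    return findings

if __name__ == "__main__":
    for label, cfg in (("page excerpt", PAGE_CONFIG), ("with IPsec key", ENCRYPTED_CONFIG)):
        print(label, "->", audit_failover(cfg) or "no findings")
```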