This issue is documented in Cisco bug ID CSCsb99792.
An Internet Control Message Protocol (ICMP) packet must egress the interface that is used as a global Port Address Translation (PAT) address for dynamic translation being PATed to the interface IP and must be assigned an internal connection source port of zero. It can be seen in the output of the show xlate command, as shown:
PAT Global 10.36.9.2(0) Local 172.16.5.21 ICMP id 512.
The source port in the global address should be zero.
For a workaround, either use any other IP address apart from the interface IP address as the global PAT address.
Clear the specific ICMP translation that causes the problem. For example:
HiWhen I tried enable this 3des I got this Warning and I did see 3des in my transform-set.WARNING: 3DES configuration under crypto ikev1 policy encryption is insecure. Converted to AES. Please check release notes for details. crypto ikev1 policy 2aut...
ASA firmware: 9.14(1)15Model: FRP-1140OS: tested with Windows 10 20H2 and Server 2016Java: tested with Oracle Java 8u281, Oracle Java 8u211 and OpenJDK 1.8.0_282-1 Clicking the Split Tunnelling button will make the window freeze, the OK, Cancel ...
Do the ASAs support UPnP?I have a 5515 running 9.12(4)13 / ASDM 7.15(1) and can not find any option for it.I have 2 xboxs on the same network and they want to use UPnP to allow for correct multi-player and chatI really dont want to have to replace the ASA...
I have a Cisco ISE 2.6 running MAB authentication only. The list of authorized MACs has been uploaded to ISE. However, after deleting one MAC address, the endpoint still authenticates and successfully connects to the network. I checked logs and its saying...