SXP connections must often be established between devices through a firewall. A typical example is a connection between network devices, such as access switches, and the Cisco Identity Services Engine. To configure this, define a custom inspection and allow the SXP TCP connection on port 64999 through the firewall.
This example ASA configuration will allow SXP connections to be established through the firewall:
set connection advanced-options SXP-MD5-OPTION-ALLOW
If the <tcp-options> command does not support the keyword "md5", this command may be substituted: <tcp-options range 19 19 allow>. Note that option 19 is the TCP option (not a port) for MD5, which corresponds to the keyword "md5" on ASA/FTD firewalls.
I would like to thank Mr. Shaun White for this sample configuration.
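To confirm that the firewall really passes the option, one check is to capture an SXP SYN on each side and see whether TCP option 19 is still in the header. The following is an added example, not part of the original sample configuration or any Cisco tooling; the packet bytes are constructed, and treating a run of 18 NOP bytes as a cleared option is an assumption about how the firewall overwrites it.

```python
import struct

SXP_PORT = 64999            # SXP TCP port named on this page
EOL, NOP, MD5 = 0, 1, 19    # TCP option kinds; 19 is the MD5 signature option

def parse_tcp_options(hdr: bytes):
    """Return [(kind, value), ...] parsed from a raw TCP header."""
    if len(hdr) < 20:
        raise ValueError("truncated TCP header")
    end = (hdr[12] >> 4) * 4                 # data offset, in bytes
    if end < 20 or end > len(hdr):
        raise ValueError("bad data offset")
    raw, opts, i = hdr[20:end], [], 0
    while i < len(raw) and raw[i] != EOL:
        if raw[i] == NOP:                    # single-byte padding option
            opts.append((NOP, b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option")
        opts.append((raw[i], raw[i + 2:i + raw[i + 1]]))
        i += raw[i + 1]
    return opts

def md5_option_state(hdr: bytes) -> str:
    """Classify a segment: 'not-sxp', 'present', 'cleared' or 'absent'."""
    opts = parse_tcp_options(hdr)            # also validates the header length
    sport, dport = struct.unpack("!HH", hdr[:4])
    if SXP_PORT not in (sport, dport):
        return "not-sxp"
    if any(k == MD5 and len(v) == 16 for k, v in opts):
        return "present"
    # Assumption: a firewall that clears the 18-byte option leaves 18 NOPs behind.
    return "cleared" if sum(k == NOP for k, _ in opts) >= 18 else "absent"

def build_syn(options: bytes) -> bytes:
    """Constructed sample SYN to port 64999 carrying the given option bytes."""
    options += b"\x00" * (-len(options) % 4)          # pad with EOL to 32 bits
    return struct.pack("!HHIIBBHHH", 40000, SXP_PORT, 1000, 0,
                       ((20 + len(options)) // 4) << 4, 0x02, 65535, 0, 0) + options

MSS = b"\x02\x04\x05\xb4"
AS_SENT = build_syn(MSS + b"\x13\x12" + bytes(16))    # option 19, length 18
AFTER_FW = build_syn(MSS + b"\x01" * 18)              # option overwritten

if __name__ == "__main__":
    for name, pkt in (("as sent", AS_SENT), ("after firewall", AFTER_FW)):
        print(name, md5_option_state(pkt))
```

A result of "cleared" or "absent" on the far side of the firewall, with "present" on the near side, points at the firewall's TCP option handling rather than at the SXP peers.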