106015 Error Message % ASA -6-106015: Deny TCP (no connection) from IP_address /port to IP_address /port flags tcp_flags on interface interface_name. Explanation The ASA discarded a TCP packet that has no associated connection in the ASA connection table. The ASA looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is no existing connection, the ASA discards the packet. Recommended Action None required unless the ASA receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent. ... View more

As per my understanding, if you do not like roaming, you should treat each site as seperate. ... View more

if your 3850  1/0/36 - nexus interface Ethernet1/11   how do you expect one side access port other side no switch port to work ?     ... View more

thanks for the clarification, it would nice to update the document in the cisco site too that 6.7 support. ... View more

Good question, 6.7 recently released i was thinking to upgrade later month for the NGFWv to test.   as per document it should be supported as i have not see any report not working. but hardware resource changed from 6.5 onwards   https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/vmware/ftdv/ftdv-vmware-gsg/ftdv-vmware-intro.html#id_107230 ... View more

How is your Server side config is this active/Standby ? LACP ?   can you post interface configuration on the next side where these ports connected. ... View more

here is the campus design guide with sample config for QOS   https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/QoSDesign.html ... View more

Can you post both side configuration like below :   show version show run   how these sites connected ? what is the distance between these sites  ? what link is this- MPLS ?   ... View more

Trying to understand your config   what is the port connected to Nexus ? between 3850 to Nexus 3K   can you post that configuration,  is that a Trunk ? ... View more

From notes :   They both use different protocols SSH and IPSEC, and there are both secure in terms of security.   Q1. Whats the difference between SSL VPN Client & WEBVPN Ans. The difference between the webvpn and SSL VPN Client is the WebVPN uses SSL/TLS and port forwarding via a java app for application support, it also only supports unicast TCP traffic, no ip address is assigned to the client, and all the web-browsing down the tunnel is done with an SSL web-mangle that allows us to stuff things into the SSL session. The SSL VPN Client is a full tunneling client using SSL/TCP that installs an app on the machine and envelopes the vpn traffic into the ssl session and also has an ip address assigned so the tunnel is two way, not uni-directional. It allows for application support over the tunnel without having to set up a port forward for each application.   Q2. Is it true that with SSL VPN Client we will have more features than WEBVPN ? Ans. It is a fact that the SSL VPN Client provides more support than the WebVPN does, but in regards to features WebVPN has more features because every little bit of it has to be configured. The SSL VPN Client provides wider support with less to configure and is much more functional.   Q3. Which soultion would be right for us WEBVPN or SSL VPN ? Ans. This last question I really cannot answer as it's not TAC's position to tell you what you do and do not need. My opinion is that the SSL VPN is by far a better solution as it runs over SSL over TCP, had small impact to all traffic to determine if traffic is destined for STC client and faster than mangled WebVPN, but in the end it's really up to you to decide which features you do and do not need. ... View more

yes SVL Limited to 2 chasis, but you can joing Different Domains.   https://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-9000/nb-06-cat-9k-stack-wp-cte-en.pdf ... View more

Cisco moving towards DNAC. ... View more

yes you need to follow the upgrade path to go to final version.   read the release notes before upgrading..   https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/upgrade/715_N1_1/n5500_upgrade_downgrade_715_n1_1.html ... View more

If you meant to ISP (not IPS i guess)   here is the setup guide for reference, any issue post the running config, so we can tweak or suggest.   https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html   not sure what license you have can you post show version to look. ... View more

yes, that is the reason while doing BoM need to cross check before we buy   if found the solution mark as solved. ... View more