Hi Everyone,
We are trying to set up an IPSEC tunnel between ASA and FTD. Nothing strange and normally it works w/o any issues. But in this case it does not..
IPSEC tunnel is established and, in this example being tested with ping traffic (tried oth...
Hi Everyone,
I am in the process of migrating from a legacy ASA FW to the new FP3110 (the preparation phase).
With regards to Remote VPN, customer is currently using local user database on ASA, where different users are locked to different VPN Groups/Profi...
Hi Everyone,
Customer is enabling EDNS which uses > 512B packets.
This is then dropped by the inspection policy pasted at the bottom.
What would be the best way to bypass this inspection?
1. disabling 'inspect dns' via flexconfig - that is somethin...
Hi Everyone, not sure anyone has experienced it (google doesn't give any hits for it) but I will try anyway.
I want to use Firewall Migration Tool to migrate 3 contexts from ASA to a single instance on HA pair of FTD 3110s. This is supposed to be sup...
Hi All,
FP31XX supports multi-instance deployment (starting from the 3110 model, if I remember correctly). At the same time FP31XX does not support FXOS Chassis Manager access, which is normally used to deploy instances on FP41XX and higher. From thi...
Thanks to both of you for quick replies.
- I have requested config from the other side and should get it by tomorrow.
- indeed @tvotna - this is the new FP3110 and it's the first and, for the time being, the only one IPSEC tunnel on it. Is there any ...
To summarize, before I close this topic: apparently FTD managed with FMC, for a local user database on the firewall, does not support 'VPN Group Lock' that could allow you to 'lock' each user to a different VPN tunnel (something that was possible on ASA). The...
Thanks to both of you, @MHM Cisco World and @Marvin Rhoads. @MHM Cisco World - I know that document but it describes exactly what I managed to achieve - one Realm with a set of users where all are 'locked' to one VPN Profile. But I don't see the option ...
Thanks for your comments @tvotna @karenr022 @MHM Cisco World - in the end I used the flexconfig template predefined in FMC to disable DNS inspection to get DNSSEC to work (it worked fine). I did not manage changing the maximum message-length.....
Hi @Leonardo Neves - how did this change affect your network? I am in a similar situation and am supposed to change the interface setup from data to data-sharing. Wondering what the consequences will be here. I am planning to do it in the change window an...