Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have a mix of 5516's and 5555's and I'm curious as to whether anyone can point me to benchmarks for device throughput when selecting different crypto options on these ASA models. Specifically, I am interested in whether individual connections or o...
I have several devices that use round robin hard coded NTP servers that I need to accommodate on a network segment. These devices do not behave correctly unless they can sync to an NTP server. Since they are not using authenticated NTP, I'd like to...
Does anyone have a working mobileconfig profile for the newer AnyConnect client? Apple's Configurator tool only creates profiles that work with AnyConnect Legacy, and while there are references on Cisco's site to creating a custom one for the newer ...
With ASDM 7.8.2 151 and ASA 9.8.2-8 it does not appear to be possible to create a service policy inspection rule that uses "all traffic" and the Firepower module.
With zero other rules, if I add a new service policy rule, choose global, then choose...
I have some pretty severely broken behavior from the 5506-X with FirePOWER that has made inline mode completely unusable for me. In real world terms, its behavior makes it impossible to reliably use Apple iOS or OS X systems if their traffic is being...
Yeah that works fine. I have noticed one difference between trying to enable dtls1.2 via ASDM vs configure terminal, If I use configure terminal and try "ssl server-version tlsv1.2 dtlsv1.2" it inserts the caret marker under the d in dtls. If I exec...
Yes, if I look in the licenses section it says "enabled" for Encryption-3DES-AES with a perpetual license. AnyConnect clients sessions to this 5516 negotiate AES256. I should note that the 5516 is just using the 4 built in anyconnect premium peer l...
I have not been able to get the 5516 to switch to DTLS1.2 and I thought it was not supported for it. I am running ASA 9.12(4) and ASDM 7.14(1) with AnyConnect 4.8.03052. If I do "ssl server-version tlsv1.2 dtlsv1.2" I get an error "invalid input det...
I was unaware of the tunnel optimization switches, is there a description anywhere of what this does? Since 5516 inexplicably does not support DTLS 1.2 it would be interesting to know if the "optimizations" are even relevant on that platform.
