Hi All,  I have a question which may seem a bit weird to you but it it stuck in my head. When we have PAT device in front of VPN gateway we have to use one of the workarounds which is NAT-T. But my question is in Message 5 and 6 of negotiations gateways send their interface IPs (If hostname not configured) and my gateway sitting behind PAT will put its private IP in payload. However other side is configured to receive connection from Public IP. Should not it create a problem for VPN upcoming?   Thanks in advance!  ... View more

Hello everyone. I have a FTD 2130 firewall sitting behind internet router which is just route all public range we purchased to firewall. In FTD we do not have any Public IP attached to internet, we use Public IPs on NAT configurations with Proxy-ARP. We have one IP that is for Global VPN connections that is not used in any configuration of FTD. However we use it in Internet router in 1-to-1 static nat configuration. The design is as below:   FW(192.168.1.1) -------(192.168.1.2)INET Router(Public IP)-------CLoud. I have VPN connections working properly with third-party companies. From show commands I see that some of them use NAT-T and some just encapsulates with ESP. I confirmed it from "show ip nat translations" in router. That is as I expected because I was sure that static one to one NAT should not affect VPN and ESP. NAT-T is for PAT designs.   But the problem is I created simple LAB in virtual environment as same design as above and if I disable NAT-T in one end, VPN becomes UP but connection fail. I suspect it because static nat in router.   Now my question is: If I use static 1-to-1 nat (Not any PORT translation) do I still need NAT-T. From my LAB the answer i get is YES. But from my real environment the answer is NO because i have current connections that are not using UDP 4500 but just ESP.   Thanks in Advance! ... View more

Hi All, We have 4 firewalls: 2 FTD 2130 in HA (Active-Passive) pair and 2 ASA5525x in HA (Active-Passive) pair. In network redesign process my SV asked my to connect them directly. I prefer joining each one with one interface to switch and allocate vlan to them but SV tells he wants without SW directly connection. So, I wonder what will be design of this situation?  Thanks in advance! ... View more

Hi all, I want to ask you a question about language of prompt. I am newbie to UCCX Scripting and creating my first lab scriptis. I have already completed several best practice scripts successfully. Now, I would like to create script with would read information from DB and prompt it. The problem is my native language. For example i am using "Create Generated Prompt" and turning it to a simple prompt which will spell out this "You balance is one hundred twenty three (123) dollar". The problem is integer is spelled out in English by default and some custom languages can be added. My native language, Azerbaijani, is not in the list. How can I solve this problem?   Thanks in advance ... View more

Hi all,   I have been working with asdm 7.9(2) properly for a while but 2 days ago i needed to format my PC. After formatting I did all usual steps for asdm such as java, java exception list, windows smart screen defender and etc.. However this time I cannot connect to ASA. Login screen loads everything and launch but gets stuck on device discovering screen. It almost everytime stucks in 15% Device Discovery and in last couple tries it completes Device Discovery but does not give any error telling "ASDM did not get a response from the ASA in the last 60 seconds. Please check the configuration and your connection and then try again". I can connect from second Laptop but from this one not.   ASDM version: 7.9(2) Also tried 7.6 ASA version : 9.44 Java version : 8.45 Also tried 8.201   Thanks in advance! ... View more