I've been fighting this issue for a couple days now, and not sure exactly what's going on. Here's a quick run down:
Windows Server 2012 R2 (Domain Controller, running FP User Agent 2.3 local)
Firepower Management Center 6.0.1.2
ASA 5506-X w/ Firepower...
@Rob Ingram wrote: You will see ESP packets on the egress, but between the VPN peer IP addresses (the external/outside interface of the router/firewall) only - the interesting traffic IP addresses will be encapsulated inside the ESP packets, the inter...
@Gabrielm1 wrote: Yes, it's an internal CA signed by DigiCert. You have documentation on how to create the template for the CA to import the cert into the FMC without the constraint error? See my last reply with screenshots.
Marvin's absolutely right (as Marvins are wont to be). If you're using a Microsoft CA, I normally duplicate the Web Server template, update the compatibility, enable basic constraints, and mark it as critical. No doubt there is another way to do it, ...
@CiscoBrownBelt wrote: When conducting on ASA a Packet-Capture filtering the 1 and only subnet of interesting traffic to use IPSEC tunnel as source to ANY, I am not seeing any ESP or IPSEC traffic on the Egress interface when viewing the PCAP in Wires...
All of the job security :-). For HTTPS cert, is that for the FMC management UI or are you looking to import an Identity Cert for the FTD (for AnyConnect)?