We're undertaking a migration from ASAs to FTD 2130 appliances. The current solution uses AnyConnect 4.7 and leverages Trusted Network Detection; the main driver being that users should not have to manually start the AnyConnect client and instead sho...
Hi All, We're in discussions with a customer about deploying an FTD within Azure. It all seems fairly straightforward, apart from one critical point; they don't have 1 VNET, they have multiple, this is because they have F5 load balancers in the environ...
When creating a site-to-site VPN on the FMC for FTD devices, is it possible to create a backup VPN for another site? For example, if site A normally has a VPN to site B but should site B be unavailable can site C be configured as a backup? This doesn'...
When giving an ASA an NTP server that is on the outside Internet, is there a way of forcing which NAT rule it uses? It seems to use the default egress interface which is not what we want.
We've tried creating a NAT rule that has a source interface of...
Hi
On an ASA with AnyConnect remote access VPN we currently have users authenticated using RSA. Is it possible to combine this with certificate authentication? Or is it an either/or type choice?
Thanks, Anish
Hi Marvin, A colleague of mine also suspected this would be the case. We will be testing this for the customer during the course of the coming days so I too will keep you posted. Thanks, Anish
Hi James,
We're going to try and mess about with it. But in answer to your question, we need to NAT it because the outside interface of the firewall isn't the outside routable address.
Cheers, Anish
Hi James,
Thanks for the coherent response. Can I just check a couple of things with you?
With the command:
object network obj-localsubnet 172.22.1.0 255.255.255.0 (inside interface)
Are you proposing that we have the inside interface even though...
The NTP command reads as follows:
ntp server x.x.x.x source outside
(no authentication is used)
If we do a packet tracer and we specify the outside interface of the firewall as the source IP address, the NAT rule we want fires correctly. I'm not in a...
Hi Marvin, Yes, the FSM is a VM so we changed the IP address at the command line via the VM console and used the configure-network script located in the path you stated. This enabled us to change the IP address. However the issue is since doing so th...