Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all,
I'm trying to get my FTD appliance to talk IPv6. It's a 5506-X appliance connected to an xfinity home service (so small environment). The FTD appliance doesn't pick up an IPv6 address and I'm curious as to why that is. According to the carr...
Hi all,
I have a customer who would like to put an ASA (vpn_asa) behind another ASA (outside_asa) that attaches to the internet, and use the vpn_asa to offload VPN connections. There are architectural reasons they want to do so, which we're talking...
Hi,
I have a customer who is trying to generate some reports for a certain time window. In some of the reports, after you go into the template than hit "Generate Report" there is an option to specify a time window. In other reports the option to spe...
I have a customer who wants to provision a policy so that only domain joined computers (e.g. company owned laptops) can attach to VPN. We've talked about using certificates, but they don't want the added complexity, and they're also nervous about tec...
I am looking to employ VACL functionality on some 2960Xs to filter intra-VLAN traffic. In reading through the 2960X configuration document for 15.0(2)E, it says, "On switches running the LAN Base feature set, VLAN maps are not supported."
https://w...
Hi Rahul, thanks for the feedback.
So you don't see any certificate issues? Do I need to put multiple IPs (one for external ip of outside_asa, one for external ip of vpn_asa) into the SAN field in the CSR I submit to our cert provider?
I don't th...
Shakti, thanks for the info.
This looks like it requires CSD to scan the host for that domain registry key. I believe CSD is EoS/EoL and replaced by ISE Posture Assessment - but I could be wrong - starting to get out of my depth in this product line...
Julio, thanks for verifying.
I was able to put a VACL/VLAN Map in place and verify functionality on 4 2960Xs utilizing the LAN Base code over the weekend - so it appears this documentation is wrong.
Hi Julio,
Shouldn't a VACL employ it's policy by using the ASIC and therefore not cause any CPU spikes?
Getting access to the devices to run those commands is quite difficult and requires jumping through quite a few hoops - but I'll try.
Thanks.
