This one FTD was greyed out on the FMC for a few days. This happened when the FTD had a power outage and it rebooted. Whenever I log in, it says "You have logged in while system startup is in progress. Please wait, some feature may be unavailable unt...
We just inherited a network that needs a lot of cleanup. The current setup consists of a core Cisco4510 connected via a ten gig link to a Juniper EX4600 which is in turn connected to several EX3400 access switches. The problem is that the Cisco shows...
When I do a Wireshark capture on a switchport, I see my client's SYN go out and the SYN ACK come back within the same second. However, on the FWSM module sitting on the same switch, the SYN ACK doesn't arrive until after 30 sec and so it gets dropped...
Our client has two sites connecting to us via eBGP. Both client's sites are connected via eBGP and our two local devices are connected via iBGP. We have a need so that whenever any of the remote site networks are not reachable via one site, then the ...
My client's firewall is logging and dropping IPsec packets because they fail the anti-replay check. I've seen elsewhere that you can disable the check globally. I have also seen that it is possible to disable the check per crypto map on IOS, but haven't ...
This is very old. Either way, my questions would be:
vpn-filter value filter_S2S_TunnelTwo_TeleCon --- where and how is this acl configured? default-group-policy S2S_TunnelOne_Primary ---- where and how is this GP configured? vpn-filter value filter_...
I agree on the alternative way to lock down the traffic; I would only add that the VTI interfaces would be on the ISRs, as ASA 8.4 would not support them.
On the ASAs, the crypto ACL should contain the GRE source/destination IPs; then you should do twice-NAT for that traffic on the ASA as well. With that, the rest of the traffic will be NATted and not be sent on the tunnel.