For your 1st clarification, yes you are right. However, rather than applying it per interface using the service-policy, you can just apply it on the default global policy that is configured on Cisco ASAs. You can find that default here. So if you wan...
Hi,For your first question: "Can I know why I need to add this inbound rule since same-security-traffic permit inter-interface is configured at FW 01?"It probably has to do with ICMP inspection. By default, ICMP traffic is not inspected by the ASA so...
For your dynamic NAT, I guess you meant to match "10.10.10.0" in the NAT statements? Either ways, those two NAT statements will not be accepted because they are duplicates. If you are looking to know the order of NAT rules used to match real addresse...
There is also a bug for this: CSCuq44875Even though it says it has been fixed on version 9.4(1) which is the version I'm using, I still found the bug, well on the ASAv.
Oh wow, you are quite right. I used version 8.4(2) and it worked on that. However, I just tried on version 9.4 and I am getting what you were getting. The context sensitive help just shows "Unrecognized command". However, if you know the syntax of th...