Hi,
I'm currently on Cisco Prime 3.2.0. I have tried suppressing the alarms generated in Prime by creating an alarm policy. I have selected the switch models, the port group type (access ports) and event type as 'Link down (includes flapping)'.
Despit...
Hello,
I have a site-to-site VPN between two remote sites which is working as expected. LAN subnets at both sites are allowed for access over the VPN. I would like to be able to access the remote site when connecting remotely via AnyConnect to the lo...
Hi All,
I have been managing a firepower module via ASDM and lost access to it because of an access policy.
Is it possible to create/modify an access policy from the SFR console CLI?
Hi All,
I recently experienced an issue with a site-to-site VPN. The issue has now been resolved but I noticed a behaviour that I thought was strange during the troubleshooting which I felt may have reduced the troubleshooting time if it was otherwis...
Hi All, I'm currently having an issue with an ASA5512 that is configured to work with Firepower. Firepower has been successfully installed and configured using the firewall's MGT interface in the same VLAN as the inside interface. Logging on via ASD...
Hi Francesco,
Thanks for getting back to me. I have now resolved this. It turned out to be a human issue and not a firewall issue unfortunately. The person configuring the remote end had added the new subnet but did not commit the change (as required...
Hi,
Thanks for your post. I had something similar already. I just forgot to update the post...but thanks for your suggestion. In my case, I just disabled the policy-map on the required interface temporarily to get back in.
Quite disappointing that ...
Hi Marvin,
Tried from a different PC. No luck. After some troubleshooting, I found that the traffic was actually reaching the firepower module but the return traffic from the firepower module wasn't getting back to the client that initiated the TCP s...
Hmmm...You raise a good point. However, I noted that it was seeing the traffic source as the Outside interface, which is what you would expect over the VPN. On whether it may have been routed out to the internet and back...I don't know for sure but w...
Thanks Silvio. As mentioned, it was eventually due to a routing issue on a downstream device. I'm really just trying to understand why the ASA was seeing the traffic but was still not incrementing decaps.