Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello, I have two ExpressRoute connections to Azure. They are on the ASAs. (Please see network diagram). Firewalls are running as standalone - no failiover pair. Core switch is running OSPF with firewalls. Firewalls are peering with AZURE using BGP. ...
Hello, Is GRE over IPSEC supported on the CSR1000v on Azure? I found in the documentation that GRE is not supported but I am wondering if it is supported over IPSEC. Thanks,Nenad
Hello, I am trying to configure anyconnect certificate based authentication on the Cisco ASA (9.8). Is there a detailed guide I can follow for that?I am trying to use AD certificate services to issue a user certificate. Thank you!
Hello, Just replaced an ASA 5512 with the Firepower 1120 running 6.5.0.4 standalone (no FMC) Many users are complaining about disconnects. I am seeing a lot of these log messages:2020 19:02:53: %FTD-4-722037: Group <Anyconnect_Group_policy> User <jbx...
Hello, I have two ExpressRoute connections to Azure. They are on the ASAs. (Please see network diagram). Firewalls are running as standalone - no failiover pair. Core switch is running OSPF with firewalls. Firewalls are peering with AZURE using BGP. ...
Works on the FMC as well. Cert My-ASA-Cert.pem needs to be added manually (like the Azure cert) and then added into Devices-Certificates. Thanks a lot!
We can't do anything on the Azure side routers. Only ASAs. Prepending was done on the ASA2. Azure side does Active/Active and as far as I see the only way to influence that would be to use AS prepend (on the ASA side) with Public ASN. "TCP bypass wo...
Someone else configured that part. Not sure why they did it that way. Why would my access list not been hit?
Don't have the access to the router at the moment but I am pretty sure that I saw hits on the access list. Can post output later or tomorro...
This is what I have. Not sure if I posted the most recent config:
ip access-list extended NAT-11011 deny ip host 10.100.1.132 10.120.1.0 0.0.0.255 permit ip 10.100.1.0 0.0.0.255 any permit ip 10.100.3.0 0.0.0.255 any permit ip 10.100.2.0 0.0.0.255 ...
