We have a pair of ASA-5508X firewalls configured as Active-Standby HA that is being configured through the FMC on the management interface on a test network. These ASAs will be moved to our DR location, so the management IPs we're currently using ...
We had a previous TAC case open when the engineer created an asp-drop packet capture. It wasn't deleted, and we're having a problem today, so I decided to crank that up to see what packets may be dropped. Packets are flying across the screen, and I ca...
I have a client who has an ASA-5505 running 8.2(5). Cisco IS still supporting this firewall for the client because they are large and can pay for it. I've been lobbying to get the firmware updated, but it's still at the same level currently. This is...
We are using an ASA-5520 running 9.1(7) (very soon to be replaced by a Firepower), and we're having a problem with a vendor using an existing VPN tunnel to transfer files via FTP. The files in general are quite small, e.g. a few KB, and these transf...
We have a list of IP addresses that need to be blacklisted. However, I'm not able to figure out how or where to enter these, because I don't see a way to enter anything into the global blacklist. The Global Blacklist is listed under Networks in the S...
Thanks, both of you. I'll experiment with the tool to see how it goes. We have about 40 explicitly defined rules, but we were liberal with object-groups. It seemed pretty tedious to do this manually, but we do need to review the rules. We'll clean up...
We have the problem resolved, and I left out a key piece of information. I didn't realize this until after the fact. The company has implemented the VPN ASA to be behind another ASA, and the public IP of the VPN ASA is an RFC 1918 address. After mult...
Thanks for your input. Pre-shared key is the same. We used "Password" just to confirm. 20 minutes, and authentication issues occur. Change the PSK, and it works another 20 minutes. At least on our side. My bad on the ASA config in the original post. ...