Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi, We have two 5585s in cluster. We have been seeing very high number of cluster redirects under "show asp drop". They mainly increase only on one ASA. Around 10-20 redirects increase every second. Is it something to worry about? Does it mean traffi...
Hi,Have a question regarding HTTPS traffic going through IPS (AIP-SSM). I understand that Cisco IPS cannot monitor encrypted traffic except monitoring the headers and trailers. So,- Does it mean there's no use of sending HTTPS traffic to AIP-SSM (unl...
- ASA 5525 with Software IPSWhat could be the reason for ASA throwing this syslog everyday exactly when the signatures are configured for auto-update:%ASA-6-420005: Virtual Sensor vs0 was deleted from the AIP SSMAs per Cisco documentation, vs0 cannot...
Is there an equivalent command for "ip tacacs source-interface" on ASA? We have a L2L VPN between 2 ASAs and AAA server is across the VPN tunnel and I want the ASA to go to ACS with source interface as inside, not outside. aaa-server command is poin...
On FWSM, when two interfaces are at same security level and you see Reset-O or Reset-I in the syslogs, how to determine who sent the reset? There's "sh np 3 pif vlan ..." command for it.However, my question, what is the equivalent command for it on A...
Thank you tiwang but it's not a problem for me to not send HTTPS traffic through AIP-SSM. I am fine with not sending HTTPS traffic to AIP-SSM if there's no real use of it as it will be encrypted. So, as I had asked earlier, I just want to know:- Does...
Jennifer, the command reference does not tell this clearly and I am sure there are a lot of people like me who did not know what you said. As per command reference: (interface-name) (Optional) Specifies the network interface where the authentication...
Hey Jennifer, thanks a lot for the help. What you suggested worked !! I mentioned inside interface in the aaa-server command (aaa-server (inside)....) and even though the aaa-server was on outside interface, it still sent the packets out with sour...
Hi Othman,What you said is what I had done earlier but I was specifically looking to source the traffic from inside interface. Surprisingly, what Jennifer suggested above worked !! I mentioned inside interface in the aaa-server command (aaa-server (i...
