Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi I have set up clustering on 2 ASA 5555-x firewalls and just saw on the cisco site that SIP inspection is not supported. My organization provides a voip solution that requires SIP. Does anyone know a work around for SIP on an ASA cluster?I look for...
Can someone help with the currect packet-tracer command for l2l ipsec vpnon ASA (a) ciscoasa# packet-tracer input Outside tcp 10.10.1.2 12345 192.168.1.2 80 ASA (a)Inside ip address - 192.168.1.2Destination port 80ASA (b) Inside ip address - 10.10....
Hi Experts,Syslog is only showing me hit messages on access-list denying inbound traffic from external (i.e. internet) on outside interface but does not show deny hits from inside traffic going out to any smtp.i can see increamental hitcounts when i ...
Hello Experts,I have a question about adding 2 new sub-interfaces to my firewall on active/standby config.If i add a new sub-interface to an active firewall with existing sub-interface, do i need to add thesame sub-interface config to the standby als...
Hi Experts,We are changing our IPS (aip-ssm10) mode of operation from promiscous to Inline mode. Is there any caveats or anything i need to take into consideration before doing the switch? Is there a possibility to roll back incase something doesn't ...
Hi Rizwan,Thanks for your response. Cisco documentation specifically says SIP inspection is not supported in ASA cluster. When i tried see the error message i got. ASA-1(config)# policy-map global_policyASA-1(config-pmap)# class inspection_defaultAS...
Thanks kanwal for your response. We currently have active/standby configuration and wanted to take advantage of increased throughput on the cluster configuration. That may be my last option if i can't get the asa clustering to pass SIP traffic.
My question is that, can i use the above packet tracer command to confirm connectivity between two ends of a site-to-site vpn tunnel? Someone please respond...
If vpn setup is on ASA then I guess what your vendor is asking for is the IP of your Outside interface of your ASA (which is a most likely a public IP or ISP given IP). You do not require a NAT since it probably exists if your internal IP (i assume 1...
