Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi, Am reaching out to see if anyone has any better information on these features as the Cisco documentation on both of them is pretty poor.BGP for transport side underlayThe guides I have read seem to suggest that if you are using BGP to get your de...
Hi, I am trying to workout a way to find the the last hit time for all the ACL rules on an FTD from the CLI. In ASAs you can use the show access-list all_name brief command and match the hashes from that with the hashes of the ACEs in an ACL to get t...
Hi, Does anyone know if is it possible to override the vMAC address for one specific specific distributed anycast-gateway SVI? From what I understand if you have a leaf and spine fabric with a pair of Leaf switches and pair of Border Gateway switche...
Hi, Has anyone come across issues with the naming of match statements in route-maps containing '>' or know of any documentation on what is allowed. I am trying to apply the following: ip prefix-list PL_OSPF98>>BGP65001_ME50 seq 5 permit 10.10.10.0/24...
Hi,
With a vFTD setup as an inline-set transparent NGIPS using the bare minimal settings we get huge spikes in ICMP latency for traffic going through it. The example in this post is just a test lab to keep it simple and prove definitely that it is ...
I tried out reconfiguring the transport-side so the tunnel interface was on the actual physical interface (rather than a loopback) with "allow service BGP" and everything works as expected. As this works it negotiates any need to look at NATs on loo...
Thanks for the information, I was wondering why it had the allow-service for BGP and OSPF if it wasn't meant to be done. I did try this out in a lab many months ago and seem to remember an issue with the the route being added but having no status (it...
Thanks for the response. The show rule hits doesn't work but by going into system support diagnostic-cli I can now run show access-list all_name brief and get the information I need, thanks
Hi, Guessing is probably not needed anymore but yes it can be done. To do it individually is pretty painful, you have to use show access-list all_name brief to to get the unix-time and match the hashes from that with the ACE hash (minus 0x at the sta...
