Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
LS,I have a ASA firewall (FP1010 running firmware 9.24). Problem: the ASA drops the ARP response when the source IP in the ARP request is set to "0.0.0.0".Is this a bug in the ASA software, why is it dropping the ARP response?Context:Host A on the ou...
Hi, I am stuck trying to get the following setup to work on an ASA5506 running in transparent mode.We use this setup to filter some traffic between our device and the corporate network. We use the ASA5506 (running firmware 9.14) in the following setu...
LS, after configuring a Cisco FP1010 running ASA software version 9.14(2) I get a warning when starting ASDM. "You have HTTPS enabled on a non-management-only interface, and you have not enable the Encryption-3DES-AES license. If you configure a feat...
Hi, I am using a Cisco FP1010 running ASA software. The ASA software on the 1010 runs on top of fxos.I installed 3 software bundles 9.14(1), 9.14(2) and 9.15(1) (using the downgrade disk1:/<image> disk1:/<config>)How can I manage these images?a) How...
Hi, I am trying to reduce the boot time off a CBS350-24T (firmware version 3.0.0.69).The boot time of the CBS350 is around 30 to 40 seconds longer then its predecessor the SG350-28 (125 seconds while the SG350 boots in approx. 90 seconds). For most ...
Feedback from Cisco support:"Based on the scenario we have have I can see that the firewall is acting as normally where no software defect is causing thisby default ASA only accepts ARP packets from IP addresses within the subnet of the connected int...
Thanks for the feedback.Looking at RFC 5227"In this document, the term 'ARP Probe' is used to refer to an ARPRequest packet, broadcast on the local link, with an all-zero 'senderIP address'. The 'sender hardware address' MUST contain the hardwareaddr...
The network switch of the customers is sending these ARP request to the hosts that do not have supplicant software installed and which got access to the network based on their MAC address. This works fine when the ASA is not installed but fails when ...
Hi Carl, enabling the 3DES-AES license is not an option due to export controls (see description).Can you explain how to disable HTTPS on "non-management interfaces"?I find the term "non-management-only" interfaces confusing? Any clue what it meant by...
no, I did not find another solution.If I recall correctly then the crypto keys are generated by the switch and made persistent. You can check the boot logging to see if the switch is creating them at startup.
