Dear colleagues, I built a setup in my lab to check the functionality of dot1x. The scheme looks like this: supplicant (win7) - (port gi1/0/1) cisco 2960x - ISE (virtual PAN + PSN) - MS AD (as external identity source). At this moment dot1x does not work...
Hello, all! Could you kindly explain how the Network Map feature works? I have my lab in a virtual environment: vPC1 - vFTD1 - vFTD2 - vPC2. vFTDs are connected to one vFMC. vFMC version is 7.0.1, vFTD - 7.0.0. I ping from vPC1 to vPC2, but I don't see anyth...
Hi guys, As I see, there are two options to monitor Cisco FTD - via direct SNMP polls/traps, or via health policy on Cisco FMC. As it is stated here https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/white-paper-c11-741739.htmls...
Dear colleagues, on Cisco FTD it is a bit tricky to implement NAT-rules, please help me to understand how to do this. I attached the picture. Here we have two sites, connected via ISP. On each site we have Cisco FTD and server. Servers should initiat...
Hi all, We plan to implement IPSec VTI on FTD2120 on HA Pair. As I can see, IPSec VTI is not supported on cluster: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/216276-configure-route-based-site-to-site-vpn-t.h...
Destination is the Server-2 and it has default route via FTD-2, on FTD-2 there will be NAT rule, which changes dst IP from 192.168.1.2 to 10.1.1.3. Where am I wrong?
Why not, destination IP would be still changed, routing works based on the destination IP (except some weird PBR things), so it would be routed to the end.
Hello Rob, thank you, it works! But is it possible to keep the src IP unchanged during the NAT? Don't know for what reason, but just "academic" curiosity, is it possible?