Hello. I have the below setup for a mirrored port going to a laptop with Wireshark. I have the access-list\monitor filter set up, but it's still showing all traffic and is generating a 100 MB file every minute, which is too much. What am I missing? I ...
Hello there, I have the below basic network diagram. We have two ASA firewalls, both newer 5500 models. One has Firepower Module and is used for our internet browsing for the company. The other is simply used as an AnyConnect VPN Concentrator without ...
I think I have a relatively easy one. Currently our ASA 5515 with Firepower services is only allowing browsing to trusted geolocation for internet browsing through Firepower services at our corporate location. We want to change that, and only allow o...
Hello, My manager has tasked me with changing the pre-shared local and remote keys of our 20+ home office IKEv2 site-to-site VPNs. They are either an ASA 5505 (retiring) or Cisco C881 router. Both are using IKEv2. I want to be able to remote into the...
Hello, My manager wants me to find an answer to this topic. We have a class C public subnet that is ours, and we have two data centers with ISR routers with full BGP neighborship to two different ISPs at each data center. Those BGP routers are also nei...
I opened a TAC case, and that engineer could not figure it out either. However, we just put the filter on the live Wireshark capture as opposed to on the Nexus itself. That worked for us.
I tried removing the deny line in my ip access-list and it still captures everything. I got a little closer with your suggestion of the filter frame-type within the monitor session, but it was only getting traffic in one direction. Cisco TAC is needi...
Thanks Rob, this led me to the right answer. The primary FW did not have a route to this particular subnet out its inside interface. After making that route I started to see their internet traffic on the primary FW like I think I should.
Well, I guess we have that set up already, but I'm not seeing traffic in our Primary firewall for the same destination IP as I'm seeing on the VPN firewall. I see there are no NAT rules on the VPN ASA, but in theory we wouldn't need to NAT them as we h...