Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi George, Could it be CoPP blocking ICMP traffic? https://community.cisco.com/t5/networking-documents/icmp-ping-drops-when-pinging-from-nexus-7000/ta-p/3125996
Have you tried the following command:- sysopt connection permit-vpn This will allow you SSL clients to bypass the interface access-lists. Below seems to be a good article I found for setting up an anyconnect client:- https://www.techrepublic.com/blog...
I assume you do not have a default NAT rule and you only NAT the traffic which is allowed by your access rules. You can use the object-group with the FQDN to NAT the taffic:- nat (INSIDE,OUTSIDE) source static Source_Group interface destination stati...
Hi Anjali, I am pretty sure that ASA's cannot do wildcard FQDN's and you would have to add each FQDN into an object-group separately. If the destination network has a list of static public IP addresses that it uses then you could permit the IP addres...
Hi Vudex, Looks like the user in the below post was having similar issues:- https://community.cisco.com/t5/switching/unknown-protocol-drops/td-p/1064330 Could DTP be the cause of the drops?
