Is it possible to enable Anyconnect on two interfaces? We're having some performance issue and I tried enabling another spare interface and assigned it with a private IP and with security level 0. I have also enabled ssl trustpoint on that interface and enable it for anyconnect webvpn. We're using certificate just a fyi . We're not able to connect. Just wondering if this is supported to have anyconnect on more than 1 outside interface and if it is ok to have the interface with a Private IP.
Thank you in advance,
You can configure it on many interfaces.
You will most likely be constrained with routing the return traffic properly more so than anything else.
Check your interface settings and access control policies. Something is not right.
I just installed a Firepower 2110 HA pair running FTD for a customer and measured Speedtest results of 980-990 Mbps on a 1 Gbps connection.
If you are running an ASA image on your Firepower 2130 it will not have any of the Firepower NGIPS features. It will run only as a "classic" ASA (no service module) with the difference being that you have the Firepower Chassis Manager (FCM) to do initial setup and manage the physical chassis, deploy the ASA image (logical device) and assign interfaces to the ASA.
No Firepower Control license, IPS subscription, URL filtering license or Malware license can be used as those features are not available.
You just setup the ASA as usual once you've deployed in via FCM.
The bug details indicate that is cosmetic only and does not affect traffic.
You might want to open a TAC case to look into your settings in detail.
Thanks Marvin, Cisco isn't clear on the ordering guide on the Subscription licenses you can add for firepower with the ASA image, or am I missing something. On CCW you can select the firepower with ASA software (or FPR2130-ASA-K9 )and also select the malware licenses (or FPR2130-ASA-K9 ) in the bundle option. So this combination is not compatible? only with FPR2130-NGFW-K9 ?
When a Firepower appliance (2100, 4100 or 9300 series) is running an ASA image (als0 known as logical device), the ASA only has capability to run as a base ASA - that is, NO Firepower service module.
Thus the IPS subscription, Malware or URL Filtering licenses are all incompatible with that image.