Hello, I'm facing a strange issue with our Cisco ASA after building the S2S VPN configuration, there is a warning message ( WARNING: There is no site-to-site VPN license allocated to this context. Please go to Security Context Management to allocat...
Forum Posts
Resolved! VPN Failover not working - C1117 router
Hi all, I've have routers with the following config - crypto map tunnel-vpn 10 ipsec-isakmpset peer xxx.xxx.xxx.xxx defaultset peer zzz.zzz.zzz.zzzset security-association lifetime seconds 28800set transform-set tunnel-vpn-site-link-tsmatch address ...
Dear all, I am new to security issues and I have a complicated scenario. I changed the IP addresses so as not to expose the network, but the scenario is complete. I have 2 branches in Brazil that communicate via LAN-to-LAN. Wherever I close the VPN (...
Hey all,I've somehow successfully got an IPSec tunnel up between 2x 5506-X ASAs in packet tracer (something of a miracle for me, although this is using 3DES at the moment which I need to correct) but as soon as I apply a dynamic NAT rule [nat (inside...
Hi I tried include more than 40 sufix in dnsgroup-policy GRP_VPN_GUEST attributesdns-server value X.X.X.X.split-tunnel-policy tunnelspecifiedsplit-dns value domain1.com domain2.com ........ .domain40.comI able to include split-dns all domain but whe...
Hi,we have 2 routers connected to each other via an IPSec tunnel. Both routers are on private networks so there is no natting going on.The IPSec tunnel is fine and traffic is flowing between the local networks (crypto map/access lists are fine) via t...
Hi All,I am seeking guidance on process of changing CA.We currently use Firepower firewalls at HQ managed by FMC. It is configured for Remote Access and has been uploaded with both AnyConnect Client Image and AnyConnect VPN Profile.Same Cisco AnyCone...
Hello,I have a Cisco ASA that has three IKEv1 tunnels and I need to change one of them to use IKEv2.Attached is the original running-config that brings all three IKEv1 tunnels up and active. Also, I have attached the running config of the ASA after s...
Hello,I successfully configured a Tunnel-Group to use SAML with Cisco Secure Client (aka AnyConnect).Now I want to enable SAML on the DefaultWEBVPNGroup.This works for the VPN-Client.But when I open the ASA website in my browser an Login via SAML I c...
Resolved! VPN Load balancing (Design)
Hi All,We're about to re-design our AnyConnect remote access solution, moving from a pair of FTD 1140 in HA (they are a part of a branch office), to something that can provide more bandwidth to our users. It's a business requirement, so I won't argue...
Hi All,We currently run cisco firepower firewalls (in ASA mode) with anyconnect access for staff, this is all working very well with users connecting with the Cisco Secure Client (ver 5.1). However, we now have a requirement for Cyber Essentials in ...
Hi,I have been informed that there is a potential vulnerability on our ASA SSL VPN since the webvpn is enabled. here is the config on the ASA with specific questions. please advise:webvpnenable outsidehttp-headershsts-serverenablemax-age 31536000incl...
We are trying to get the ASA Dynamic Access Policies to restrict the users to certain ACLs by a group claim attribute from the Entra/Azure Enterprise application. The group claim seems to be getting to the ASA:But the DAP does not apply.I can test th...
Hello All,My organization recently migrated from the ASA firewall to the Cisco FTD. I noticed from my little research that the webvpn was discontinued in cisco FTD. I somehow still believe cisco would have created some work around or something and ma...
