We have a large number of sites using Cisco ASA5505 firewalls with the IPSEC (ikev1) client in a very standard setup (just the basic wizard driven config, split tunneling and RADIUS enable). These have always worked well and we never having any problems until the last few weeks. The problem appears to be that the clients just randomly disconnect after a number of minutes, and sometimes this could up to an hour or more. On further investigation it would appear that if there is no traffic over the VPN then the connection drops, even through the idle timeout is set to 30 mins. The fix seems to require the disabling of the McAfee SaaS Firewall service.
We are taking the assumption that the firewall is blocking keep-alive traffic or dead peer detection of some kind, and therefore the client or firewall are assuming disconnection after a short period of no actual traffic (pinging the host network will keep the connection alive).
Recently McAfee updated the SaaS client to version 6 which includes v15 of the firewall service, and it seems to be related.
We are trying to get something out of McAfee to see whats changed, but I wonder if anyone else has experienced this and has found a policy workaround to prevent having to disable the firewall entirely.
Hello team I have configured guest access on ise which is working fine.But rigth now when requestion access, guest can put 4 numeric value in phone number fields. How to force use filling the account creation form with a minimum of 8 numer...
QuestionHello , somebody know if it´s possible to remove the device registration status from the MyDevices portal for the spanish page?By default the status is dispalyed (registered/Pending), this condition was fixed in the english page after load a...
Dears, Please note that I have ASA 5515 running version 9.4.(4)20 and managed through FDM. In addition, I have FMC version 18.104.22.168 for the IPS. I need to upgrade the only the ASA to the latest supported version that work with the FMC version 6.0...
To participate in this event, please use the button to ask your questions
This topic is a chance to clarify your questions about Cisco Threat Response, from its components and new features to ...
Community Live Slides- How to optimize your Cisco Security investments with Threat Response
(Live event - formerly known as Webcast- Tuesday February 18, 2020 at 10 am Pacific/ 1 pm Eastern / 7 pm Paris)
This event had place on Tuesday 18th, Februa...