11-12-2018 07:58 PM - edited 02-21-2020 09:30 PM
Is it possible to enable Anyconnect on two interfaces? We're having some performance issue and I tried enabling another spare interface and assigned it with a private IP and with security level 0. I have also enabled ssl trustpoint on that interface and enable it for anyconnect webvpn. We're using certificate just a fyi . We're not able to connect. Just wondering if this is supported to have anyconnect on more than 1 outside interface and if it is ok to have the interface with a Private IP.
Thank you in advance,
11-13-2018 07:02 AM
You can configure it on many interfaces.
You will most likely be constrained with routing the return traffic properly more so than anything else.
11-13-2018 08:36 PM
11-13-2018 08:55 PM
11-14-2018 02:06 AM
Check your interface settings and access control policies. Something is not right.
I just installed a Firepower 2110 HA pair running FTD for a customer and measured Speedtest results of 980-990 Mbps on a 1 Gbps connection.
11-14-2018 07:11 AM
11-14-2018 08:28 AM
Is the Firepower 2130 running ASA image or FTD image?
11-14-2018 08:35 AM
11-14-2018 04:04 PM
11-14-2018 05:52 PM
If you are running an ASA image on your Firepower 2130 it will not have any of the Firepower NGIPS features. It will run only as a "classic" ASA (no service module) with the difference being that you have the Firepower Chassis Manager (FCM) to do initial setup and manage the physical chassis, deploy the ASA image (logical device) and assign interfaces to the ASA.
No Firepower Control license, IPS subscription, URL filtering license or Malware license can be used as those features are not available.
You just setup the ASA as usual once you've deployed in via FCM.
11-14-2018 10:57 PM
11-15-2018 03:16 AM
The bug details indicate that is cosmetic only and does not affect traffic.
You might want to open a TAC case to look into your settings in detail.
11-15-2018 07:12 AM
Thank you Marvin, I'll follow up on the settings with TAC.
12-03-2018 12:40 AM
Thanks Marvin, Cisco isn't clear on the ordering guide on the Subscription licenses you can add for firepower with the ASA image, or am I missing something. On CCW you can select the firepower with ASA software (or FPR2130-ASA-K9 )and also select the malware licenses (or FPR2130-ASA-K9 ) in the bundle option. So this combination is not compatible? only with FPR2130-NGFW-K9 ?
12-03-2018 02:30 AM
When a Firepower appliance (2100, 4100 or 9300 series) is running an ASA image (als0 known as logical device), the ASA only has capability to run as a base ASA - that is, NO Firepower service module.
Thus the IPS subscription, Malware or URL Filtering licenses are all incompatible with that image.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide