I have a customer that has a L2L VPN between their sites established with two ASAs. From time to time they complain about the VPN going down but I see no logs indicating this on the firewall and the tunnel is always up and working fine when i log in. I would like to setup an IPsla on each ASA to monitor the other ASA though the VPN. Is this possible? Currently when I try I can't ping from the local ASA through the tunnel even through I'm sourcing from an interface that is inside of the crypto map statement. I just get the below, thoughts? I added an ACL on inside1-db to allow all traffic (IP) from host 10.23.139.229 to 10.20.159.229 but still I get the same results on a packet tracer. What am i missing or is this just not possible? Obviously hosts on these networks can communicate to one another just fine across the VPN (example: 10.23.139.18 can talk to 10.20.159.10 no problem).
Result: input-interface: inside1-db input-status: up input-line-status: up output-interface: outside-acl output-status: up output-line-status: up Action: drop Drop-reason: (acl-drop) Flow is denied by configured rule
IntroductionComponentsISE ConfigurationEnd user perspective and Validation
Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. ISE supports external MDM ...
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal:https://video.cisco.com/video/6159336218001
And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense.