Is it possible to have RA-VPN/Secure Client configured on one outside interface while having local internet traffic route out another outside interface? Something like this? Is it as easy as adding a route to the RA-VPN subnet pointing to the interf...
We have a Cisco Firewpower 4115 and currently have VPN configured with MFA. Our SSO provider is Azure.I am trying to add a second profile that has a few differences from our main profile. It also needs to be MFA. But when I add a SSO provider and ass...
spoke has dual ISP so i need second ISP interface as backup.i am new at flexvpn so maybe i missing something in configuration.Current configuration : 4242 bytes!! Last configuration change at 18:24:57 UTC Fri Apr 18 2025!version 15.4service timestamp...
Hi Everyone!I’m trying to use the Dynamic Access Policy in Cisco FMC to create a RA policy for specific VPN profiles.I’m trying the new FMC DAP option under Device/VPN/DAP.Have someone ever used this feature to create a policy like this:If the user s...
Hi All, This is something that has had me troubleshoot for a while, but i couldn't find an answer so got on here hoping to find some answers. So my setup is like this: Laptop Users --> Anyconnect VPN to ASA 5545 (office) --> site-to-site VPN to ou...
For several years, we have been using preferences.xml under "%LocalAppData%\Cisco\Cisco Secure Client\VPN" to provide the host address and the default group.Since version V5.1.8.105, released few days ago, this no longer works, for example, the domai...
I use the Cisco Secure Client Anyconnect VPN for work. The desktop application connects with a password that's a combination of a 6 digit fixed password (say 123456) and a 6 digit temporary password (say abcdef) that changes every 30 seconds from the...
I have a simple network of a few Cisco routers. Once in a while I'm seeing a "%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi" error, even though my VPN connection works well. What can cause these messages?
We have 2 FMC in 2 remote offices, each FMC have 2 HA Firepowers and 2 ISPs. Can I use SD-WAN toplogy to connect them for IPSec Failover? I can't add spoke as Firepowers connected to different FMC
in flex vpn spoke has two tunnels to same Hub.and wanna use ip address negotiated function on these tunnels and pools created on hub.but issue is spoke tunnels somehow assign ip address from each other's pools on hub.even using fully different config...
Good morning everyone,I have a Cisco 1210CE FTD secure firewall with software 7.6 andI'm trying to add a VPN based on a LAN-LAN route and I would need to create a static routeto route traffic in the VPN only if the destination is for example the netw...
Hello community, I have 2 FTD2 (1010) managed by FMC.On one of FTDs I have 2 ISP while using SLA to switch to backup line in case of failure of primary.I did build 2 VPN tunnels between FTDs, while one is on primary ISP, second is on stby ISP.If I si...
Hello EveryoneI have some generic questions regarding the IPsec.When we use Crypto Map on VPN. How does the Routing table update the protected network? Generally I know how it works, but I wonder if the IP route should be inserted in the routing tabl...
Hi AllI would like to know what most people are doing for secure access to company resources and applications these days.We currently use Anyconnect for third parties, with some posture checking using the posture agent on Anyconnect. We then lock acc...
Hi anyone We have testing VPN IPsec on GNS3 lab. After configuration IPsec not working Result Session statusInterface: FastEthernet0/0Session status: DOWNPeer: 1.1.1.2 port 500IPSEC FLOW: permit ip 10.0.0.0/255.255.255.0 10.0.1.0/255.255.255.0Active...
