Hi All I'm trying to create a VPN policy to use SAML instead of Radius. The SAML IdP is Microsoft AAD. If I open the ASA (version 9.9(2)52) website, I get correctly redirected to the AAD site and can authenticate myself there. Afterwards I land on ...
Forum Posts
Hello experts, and good day to you all, I have an issue below that made me scratch my head to find a solution/workaround. "%IOSXE-3-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:134 TS:00000063236949653216 %ATTN-3-SYNC_TIMEOUT: msecs since last timeout 62...
Resolved! PKI CA architecture
I have defined Trustpoints on my ASA my understanding is these entities will be used as CA with no requirement for CSR to pass to a third party Compiled on Fri 27-May-22 15:35 GMT by buildersSystem image file is "boot:/asa9181-smp-k8.bin"Config fil...
Hello.This is a fairly straight-forward question. Is it possible to have a management tunnel profile without a user tunnel profile? Or is it possible to have a management tunnel profile with a user tunnel profile but where the user tunnel profile i...
We have several internal VLANs that need to get an IP address from a DHCP server that resides across a site-to-site tunnel. Here is the configuration for DHCP relay: dhcprelay server 172.17.32.10 outsidedhcprelay enable wirelessdhcprelay enable print...
Resolved! Problem with certificate import on vASA
Attempted to install a certificate in ASDM for a vASA.Did this the other day on another vASA with no problemThe trustpoint gets created, but the messages "PKCS #12 import failed". If I watch the logs when doing the import, I get a ton of messages of...
Need some help and expertise advise in here. I searched the web but couldn't find much information.Here is the case: During the process of generating the CSR on ASA, I got the following message:WARNING: The certificate enrollment is configured with ...
Hello Sec Gurus, I'm running into a solution design misunderstanding, as the same time implementation, an ISP suggested the below design to have an internal subnet in the right tunneled back to his MPLS network back to the main office, to reach ISP...
My ASA has already 3 interfaces configured: outside (internet ISP#1), publilink (extranet ISP#1) and inside. Our current VPNs connect through the outside interface. The outside interface is also the default route for all traffic to the internet. T...
Hi I'm Ivan I have fmc 7.0.1 and 1 ftd for vpn remote access services integrated to Cisco ISE v3.1. The vpn works fine (ISE and FTD), but when I try to see "Table Events" for "User VPN Activities" I can not see any records. From cli of ftd I can see ...
Hi,How can I change the ldap-naming-attribute on an FTD device?We try to login on an ldap server, but the device is using cn attribute instead of uid. On ASA we can use ldap-naming-attribute, but on FTD there is no way on the gui nor the api.
Using AnyConnect Client with corporate SAML/SSO, after completing sign-in details in the popup login window (embedded browser) there is briefly a green message shown (presumably all good) and then the pop up window closes as expected, but the AnyConn...
Hello folks, I have been trying to get a second connection profile working under our RA-VPN configuration on the FMC with FTDs. The first connection profile is working and I get connected then when I connect to the second one does not route any tra...
Good Morning ,I have RV340 firewall and today I use a VPN L2TP Server I ask is it safe? I would also like to know if we can configure an IKEV2 VPN in the same style as the L2TP Server? is there any firewall option ?
Hello all, I have ISR 1100 IOS-XE 16.8.1 with FlexVPN Anyconnect via IPsec configured and i have ran into an issue of access for specific users. I'm using split tunneling for needed networks but how can I create user groups and allow them access to ...
