Hi,Has any one had success with FTD machine certificate based authentication? I have user certificate based authentication working but I cannot get machine certificate based authentication to work. The same Microsoft CA signs both the user and mac...
Forum Posts
1st-If I add authentication-server-group xyz local under my AnyConnect tunnel-group, is it going to only authenticate users against LDAP? ASA(config)# tunnel-group xxx general-attributes ASA(config-tunnel-general)# authentication-server-group xyz LOC...
We have a, IKEv1 VPN tunnel between two 5516x firewalls, that fails phase 2 continuously until we do a shut/no shut on the tunnel interface. At times one side of the tunnel will show as mm_active, while the other side will show that it is rekeying. ...
I have 2 site-to-site VPNs on our ASA with a couple of vendors. One of them informed me yesterday that they are no longer able to access the resources they need. When I look up the vpn summary, I see this:Site-to-Site VPN : 0 : ...
Hi , We are running dynamic IPSEC VPN between spoke to DC .DC end IPSEC termination routers are ASR1001-X and spoke end ISR G2. DC end routers are generating below logs message and someone help me to understand the same Sep 14 18:06:53.014 IST: %CRYP...
hi i am having issues setting up what should be a straight forward tunnel between a fortigate 100. now i know the default for the fortigate is route based ip sec tunnels and the FTD is policy based hopefully that will change but even after finding th...
Resolved! DTLS1.2 for Anyconnect not an option
Hi, for some reason my anyconnect users connect using: DTLS1 and I wanted to upgrade to 1.2 if it's available. It's not an option to click on in ASDM. I'm running asa984-20-smp-k8.bin, should I be at another firmware version? Thanks!
Hello for everybpdy. We are going to change old ssl certificate on firepower 1140 by new ssl certificate. If i understood correclty, for this action i need delete current certificate from current anyconnect connection Delete it from pki certificate A...
Resolved! vpn and active directory
Hello,We are working towards a new remote vpn likely to be cisco ASA. The pull between different teams involved is if a radius(ISE) is needed or should the ASA be just integrated to talk directly with active directory servers and use groups within fr...
Good Morning to all,I need to configure a vpn to aws from a cisco c927 router but I have no option to configure it: FWTelecom(config-if)#tunnel mode ? aurp AURP TunnelTalk AppleTalk encapsulation cayman Cayman TunnelTalk AppleTalk encap...
EVS(config)#crypto map MAP ?<1-65535> Sequence to insert into crypto map entryclient Specify client configuration settingsgdoi Configure crypto map gdoi featuresisakmp-profile Specify isakmp profile to uselocal-address Interface to use for local addr...
Hello Teams, I have some questions. Is there pop-up notification system in anyconnect agent before RA-VPN user's password expiration?Or after expiration?As to my knowledge, ASA and FTD are possible using password-management command.But, I'm using FDM...
Resolved! IKEv2 on ASAv in Azure
I've deployed an ASAv (without a license yet) in my virtual network at Azure in order to test it to see if it will function how I expect it to when connecting IPsec VPNs (Azure tunnels don't support enough features). I was able to bring up an IKEv1 t...
Hello everyone, I am upgrading a single ASA firewall to a dual-ASA firewall. the deployment to consider is active/passive with state failover.My question is regarding the sync flows between the 2 ASA firewall, in my understanding, there are 2 ways t...
Hi all, I'm trying to build a VPN site-to-site between a multiple context CISCO 5525X (9.8(4)26) and a multi context CISCO 5585X (9.2(4))On CISCO 5525X, I receive an error in ASDM: "There is no site-to-site VPN license allocated to this context"I wen...
