We are trying to block few public ips in zone-based firewall. What typically in zone-based firewall, we can control based on protocol. Can we add an access list to be filtered in zone-based firewall policy map?
I have a DMVPN network with 4331 hub routers. Our HQ in Memphis has a hub on AT&T, and another on Lumen. Our New York hub is also a Lumen connection. All are 500Mb up/down. We have about 35 spokes around the US that peer to all 3 routers. BGP is the ...
hello all ,recently i tried to configure VPN site to site with certificate authentication type, i got the certificate signed by a third party autority , and when i did the debugs i got this log :CRYPTO_PKI: bitValue of KEY_USAGE = a0PKI[7]: CRYPTO_PK...
I need to upgrade AnyConnect 4.10 because it is EOS on 3/31/24. The replacement product is Secure Client 5.x. Currently, users only have DART and NAM installed on their computers.1. Do I need to uninstall AnyConnect 4.10 or is that automatically do...
I have just started using Secure Client Posture on my windows workstations. All but 2 work fine. The two are using the IP of the ISE instead of the FQDN. All systems have the same ISEPostureCFG.xml files on them. If I disable the network connectio...
Hello,A client is trying to SSH through the HTTP proxy (WSA), it works but the response times are huge.ssh_args = -C -o "ProxyCommand=nc -X connect -x proxy-http:8080 %h %p"It serves its purpose. HTTP proxy isn't designed for that, but has anyone tri...
Hi, I have one issue with IPSec tunnel Lan-to-Lan between ASA 5525x (v9.8) and ASA FPR 2110 (v9.16). My Tunnel is up but ping between each client was not successful. Both peer status sh cry isakmp sa in "MM_ACTIVE".I ran packet-tracer icmp between pe...
Hi,on ISE 2.4 in the live logs pages the report that one got clicking on the repeat counter was very useful because the endpoints were sorted by repeat counters. So it was very easy to find the endpoints with high repeated counters.With ISE 3.2 the r...
Hi,FTD was added and to FMC and while configuring HA in FMC, deleted FTD from FMC.While trying to add again to same FMC, both primary and secondary FTD not getting registered in FMC.Could you please help on getting the FTD registered with FMC.
Hellocould you please share the solution for showing dropped packet from internet to inside lan ? i have FTD 4100 series managed by fmc I want to see output from cli or fmc related to nat transactions packet(dropped and passed) both.
I'm in the process of updating all our FTD's from Snort2 to Snort3 & almost everything appears to work, except SMTP/S email.Under Snort2 it shows in event logs as SMTP/S Client traffic type correctly, but when Snort3 is enabled, it does not recognise...
Hi Guys,We're having some issues since deploying the AnyConnect VPN with users reporting poor call quality and packet loss on Microsoft Teams and over Skype both audio and video calls?Is there anything we can try or tweak on our ASA and AnyConnect se...
We have clients receiving a "PKCS12 (PFX) without a supplied password" error while connecting to RAVPN using Cisco Secure Client (5.1.2.42). The headend device is FTD 3130.The full error is "There was an erro during initialization: PKCS12 (PFX) witho...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
