I have a DMVPN network with 4331 hub routers. Our HQ in Memphis has a hub on AT&T, and another on Lumen. Our New York hub is also a Lumen connection. All are 500Mb up/down. We have about 35 spokes around the US that peer to all 3 routers. BGP is the ...
Hi,FTD was added and to FMC and while configuring HA in FMC, deleted FTD from FMC.While trying to add again to same FMC, both primary and secondary FTD not getting registered in FMC.Could you please help on getting the FTD registered with FMC.
Just recently, our Windows Logon duo integration has been challenging users for 2FA every time they log in, even if it's just unlocking a session they just locked. We've changed no policies in DUO or GPO. Thinking it was maybe a software version thin...
What is best practice when it comes to AD connector(s)?If we were to have TWO AD connectors, is there a way to have it only fail over to the other connector if the active one went down? Rather than adding an additional connector on a separate server ...
Hello, we recently had our cert for our VPN expire without notification via alert message. I've done some research in the FMC but can't find anything that monitors certificate expiration dates. A google search points toward REST API's of course but t...
Hi, I'm looking at deploying BGP on an FTD Active/Standby HA pair (FTDs are 4215 hardware running 7.2) to enable routes to be controlled by neighbouring routers rather than relying on 100s of static routes on the FTDs. I was wondering if anyone could...
We have two ISE ecosystems different and isolated (2.7 and 3.2)I must migrate guest accounts from one system to the other one.On 2.7 we have two sponsorportals and so it is on 3.2.I managed to retrieve captive portal users through a python script of ...
Hello,A client is trying to SSH through the HTTP proxy (WSA), it works but the response times are huge.ssh_args = -C -o "ProxyCommand=nc -X connect -x proxy-http:8080 %h %p"It serves its purpose. HTTP proxy isn't designed for that, but has anyone tri...
Question, attempting to help a customer with the new S196 and we have found that the new S196 doesn't appear have the WSA-L4TM-LIC license like the old S195 did. Is this feature now included in the new Subscription license? Thanks, Seth
Hey allI have a Firepower 1010, I need to disable the SIP ALG on it, I have access to the Web Client and Telenet access to make changes, can someone give me an easy way to make these changes, I don't have the ASA Software that could access with.
Hi Guys,We're having some issues since deploying the AnyConnect VPN with users reporting poor call quality and packet loss on Microsoft Teams and over Skype both audio and video calls?Is there anything we can try or tweak on our ASA and AnyConnect se...
I want my VPN users on a Cisco ASA to authenticate against ISE but use Azure AD for MFA on the backend. So far, it seems there are three ways to do this. My requirements are that I must use AnyConnect and ISE. Setup Azure AD as External Radius Server...
We are trying to block few public ips in zone-based firewall. What typically in zone-based firewall, we can control based on protocol. Can we add an access list to be filtered in zone-based firewall policy map?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
