Need you guys advise on this. I have multiple ASA firewalls in Asia region to provide SSL-VPN (Clientless-VPN) access to corporate network. Example, Hong Kong and Singapore.When users in Singapore travelled to HongKong, they cant use the SSL-Url hosted there because even though the login is successful, the DAP of bookmarks are not configured in HK firewalls. So these users have no choice but to SSL-VPN back to Singapore firewalls, but this is ineffiecient and slow.
My question will be as follow:
1) can i export the DAP on Singapore firewalls and Import to Hong kong firewalls? Vice-versa
2) can i export the bookmarks on Singapore firewalls and Import to Hong kong firewalls? Vice-versa
3) due to number of users, i have too many DAP configure on each firewalls to match their cisco-userid to respective bookmark. Can i use something like variable? so that 1 DAP will be sufficient. I need the DAP to be able to capture the username keyed in by user and matched that against a bookmark configured with same username
My apologies, ASDM has an option to backup/restore the configurations. You can find it under "Tools". When you back-up, you only select DAP and CSD policies. Everything else should be un-checked. Then, you can save it as zip file and restore it on the other ASA. If you need automatic sync-up and push of DAP, we will need to use CSM for that.
thanks for that. Last question, when you mean Back up from firewall A of those DAP and CSD policies and restore it on firewall B. Can i do it during production hours and not impact on operations? So if there's a case where firewall A has a DAP policy of XX and firewall b has a policy of YY. If i backup A config and restore on B, will YY be overwritten or it will merge? end result with XX and YY
Pardon me, can you provide me the full term of these?
If the DAP records have two different names, then the restore on Firewall-B will add to the existing DAPs (so XX and YY). If they are same, I am not very sure whether it will overwrite or merge. I will have to test.
CSM - Cisco Security Manager - Helps you configure multiple security devices (Firewall, router, switch, IDS, IPS, MARS etc) from one unified policy interface. Also supports checkpoint and rollover, multi-device config replication and push etc.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :