We are testing out in our LAB using Scansafe on a multi context ASA Firewall running version 9.1.(4). We are seeing an issue where the proxy servers become unreachable after a very short period of time, and stays in this state forever until you remove/reapply the config.
Is this a bug in the version we are running in the LAB? Also, I noticed when using multi context, you can't specify the FQDN for the proxy server in the system context, it has to be the IP address. Is there away of specifying the FQDN?
server primary ip 22.214.171.124 port 8080
server backup ip 126.96.36.199 port 8080
scansafe license xxxxxxxxxxxxxxxx
show scansafe server
Primary: 188.8.131.52 (UNREACHABLE) for last 1 day 21 hours, tried to connect 2337 times
Backup: 184.108.40.206 (UNREACHABLE) for last 1 day 21 hours, tried to connect 2916 times
With regards to the first question relating to a possible bug with the towers becoming unreachable, I recommend opening a case with TAC as soon as posssible providing a show tech-support output also for deeper analysis on the fault conditions and possible causes.
With regards to the FQDN the syntax would be the following in the system Context amending the "xxx" with your provisoned towers for the site you are configuring.
server primary fqdn proxyxxx.scansafe.net port 8080
server backup fqdn proxyxxx.scansafe.net port 8080
license Ne.oPiqMN56V9eiW encrypted < - Company Licence
All Sub-Context configs would use custom group licence that you created on the online portal.
An example of my test lab whcih is working can be seen below:
scansafe license < OMITTED >encrypted <- Custom Group Licence
scansafe license encrypted <- Custom Group Licence
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :