As I was configuring this solution, I came across multiple articles with confusing configuration details. This one provided the most accurate configuration, but I still had a few details to clarify. Most likely, your user certificate is signed with an intermediate CA; this is the one you need to import …
Blog Posts
Upgraded to 7.6.4 and unexpectedly received an error during the first post-upgrade policy deployment. Summary: Tunnel source and tunnel destination combination configured on VTI interfaces must be unique. Description: Interfaces: ZZZ have the same tunnel source address and the same destination address configured across multiple topologies. Cause: The topologies: ZZZ have virtual …
Needed to set up policy-based routing (PBR) on FTD with failover capabilities and could not find any reference but only bits and pieces. Some of the Cisco docs were even misleading, so it took a bit to get it to work. Setup: 2 ISPs, primary to be used by Production …
Found a way to add a new line to the ACP ACL from the CLI. /home/admin# cd /usr/local/sf/ /usr/local/sf/bin# LinaConfigTool "access-list CSM_FW_ACL_ line 1 advanced trust tcp ifc inside any eq 8305 ifc outside any" View new config. FTD# sh run | i 8305 access-list CSM_FW_ACL_ advanced trust tcp ifc inside any eq …
This one had me puzzled for a few days. Dynamic VTI at the Hub and VTI at the spoke. All tunnels came up, pings are working, but the BGP session is not establishing. I’ve used setup instructions from this YouTube Video. Packet capture shows BGP packets arriving at the Hub but …