Packet Tracer fails with “ERROR: TRACER: NP failed tracing packet”
If you are getting this error message when trying to do packet tracer you hit a bug CSCvi37889. asa/pri/act# packet-tracer input inside tcp 10.1.0.10 1235 8.8.8.8...
Cisco ASA VPN Control Plane Bug after upgrade to asa964-12 causing MM_WAIT_MSG2
Recently, I had the privilege to experience yet another Cisco Bug. After upgrading from 9.4.x to 9.6.x my VPN control plane crashed causing all of...
ASA Unexpected Crash – DATAPATH Traceback CSCvb30445
If you are getting unexpected crashes/reloads on your ASA and you are leveraging Policy Based Routing (PBR) you may hit Cisco Bug CSCvb30445....
Cisco ASA Microsoft Updates Sources List
If you need to filter egress traffic on your ASA and one of the requirements is to have access to update.microsoft to pull all necessary...
ASA and FTD Security Appliances Might Fail To Pass Traffic After 213 Days Of Uptime
I’ve recently had to work on sev1 case where suddenly one of my customers environment stopped responding to outside requests. As the bug hits your...
Cisco ASA – Unable to launch Device Manager (ASDM) error
I’ve recently worked on hardening Cisco ASA’s where I was changing ssl cipher encryption suite from tlsv1.0 to tlsv1.2. After changing to the higher ciphers...
Unable to SSH to standby unit over anyconnect VPN – Drop-reason: (no-adjacency)
If you are running pair of ASA’s in active/standby you may encounter issue with connecting to your standby/secondary unit. Reason why I’m saying “may” is...
Cisco VPN Phase 1 issue with NO_PROPOSAL_CHOSEN and MM_WAIT_MSG2
When establishing VPN tunnel for the first time and having troubles bringing it up you may need to enable debugging as well as checking its...
Cisco ASA Active Standby Failover configuration with Port-Channel
Being in the field I’ve seen it way too many times where customers redundant security appliances have high availability link as a single point of...
Connection terminated for peer 1.1.1.1. Reason: IPSec SA Idle Timeout
If your VPN is suffering from IPSec SA Idle Timeout there are two places where that can be remediated....