I have a PIX 515E with a privately numbered inside interface and a publicly numbered outside interface. I am doing a combination of static NAT for inbound connections for different services and PAT for outbound connections for internal hosts. The problem I have is that when I ping the public address of one of the static translations, the ping fails. When I ping a host numbered within the same external subnet as the public address of one of the static translations, the ping works fine. I believe this behavior is caused by the fact that the PIX by default will not allow traffic entering on an interface to then be turned around and sent right back out the same interface, or "hairpinned" as they say. So since the traffic would be flowing from inside interface to outside inside interface and then back to inside interface, the packets are dropped and the ping fails. Pinging other hosts in the same subnet as the outside interface works because the traffic flow is inside---->outside then outside----->inside. I believe there is a way to get this to work by using the "same-security-traffic permit intra-interface" command on code version 7.2(1) and up, but I would like to confirm if this is indeed what's happening. Any help would be appreciated.