Network Security

Forum Posts

Sorted by:

Cisco ASA, 9.4 - we got PBR (Policy based Routing)

I can hardly believe it. ASA 9.4 has added proper PBR support. http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html Routing Features Policy Based Routing Policy Based Routing (PBR) is a mechanism by which traffic is ...

ASA5506 second network cannot reach internet

I have a development network that functions through another router inside the network. That internal dev network cannot reach the internet however you can ping, telnet etc to or from. I include a simple network diagram, sho route, sho ver and sho nat...

IP Phones Unable to keep connection with ASA 5505

Today we updated our ASA 5505 from ASA 6.5xx to ASA 9.24, and as we know around 8.1 the way NAT was done was changed. I was under the impression that the ASA would "convert" most of the rules, and I figured I would have to recreate some of them that ...

Resolved! TAC Recommended FTD Version?

Hi, Just wonder if there is such thing as "TAC Recommended FTD Version"? I used http://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-TAC-Recommended-AireOS.html#anc6 when I was upgrading a WLC cluster and hope t...

Juniper SRX to Cisco ASA IPSEC VPN MIGRATION

Hello currently i am working on Migration Project, where i need to migrate Juniper SRX to Cisco ASA. I am stuck between middle of this project, while converting to IPSEC VPN. Please find below details: 1. Juniper has configured route based and pol...

ASA 5585X PBR

Hi I have a 5585X with 2 WAN interfaces. One is the OUTSIDE interface which the default route points to. The other is a VPN interface which I would like to use for Anyconnect VPN sessions. I have configured PBR to set the next-hop of traffic sourced ...

Resolved! ASA 5505/NAT/Packet Tracer: Only connected subnet NATed, not others Internal subnets

Hi folks! I'm modeling a simple network in Packet Tracer.7.0: The IP topology is functionning OK, PC0 can ping Server0 (there is a static route in the router 'Internet' 10.0.0.0 255.0.0.0 203.0.113.47). Yet, NAT is performed only when a ping is sent...

Resolved! Firepower 9300 (FTD image) supports MPLS pass through

Hi Experts Does the FPR 9300 running FTD image 6.x pass MPLS traffic in routed mode? In case we have two different ASs, peering on MP-eBGP with inter-AS option B and a FPR device in between, will the FPR allow labelled eBGP to come up and exchange t...

FMC: Inbound External IP Exclusions

Hello, I need to exclude a few external inbound IPs from triggering Firepower alerts. What is the best method to accomplish this: Pass Rule, Access Control Policy - Trust, Whitelist..? Thank You Frank

ASA ACLs

Hi guys, I hope someone can help. I need to do the following actions on the attached ASA * Block all Internet from LAN * Block all connections to 10.56.0.0 /16 * Block all connections to 10.57.0.0 /16 * Allow connections from LAN to 10.56.40.195/32,...

Resolved! ASA with FirePOWER

I want to order ASA 5515 with FirePOWER. Did the new order include free 1 year licence for any FirePOWER feature, or should I purchase automatically licence ? What is the minimum subscription recommanded ?

SSL decryption FirePower - span port

Hi,does anyone know if it is possbible to span out decrypted traffic from FirePower 4110 (mirror port) ?Also, does anyone have any good experience of using SSL inspection on FirePower?Any pitfalls to be aware of?Any feedback is much appreciated.

ASA 5510 Not loading automatically the config when booting up

Hello, I would like to find out why my ASA 5501 is not loading the saved config when booting up automatically? I have never seen that before on a Cisco device, I have to manually copy start run to reload it once is up. Thanks in advance.

Why Update 9.1 to 9.6

Hello we are using a Cisco ASA Firewall pair for basic Access List, NAT and Site-2-Site IKEv1 VPN. The firewall is just sitting there and there has not been any need of configuration change in last 1 year and there wont be any change in configuratio...

Resolved! NMAP Scanning from FMC

Running Firepower Management Center v6.2.0.2 I’m having 2 issues with NMAP and active discovery First issue: Hosts discovered by NMAP are not being added to the network map. Only hosts discovered by passive discovery exist in the network map. Is t...

Network Security

Forum Posts

Cisco ASA, 9.4 - we got PBR (Policy based Routing)

ASA5506 second network cannot reach internet

IP Phones Unable to keep connection with ASA 5505

Resolved! TAC Recommended FTD Version?

Juniper SRX to Cisco ASA IPSEC VPN MIGRATION

ASA 5585X PBR

Resolved! ASA 5505/NAT/Packet Tracer: Only connected subnet NATed, not others Internal subnets

Resolved! Firepower 9300 (FTD image) supports MPLS pass through

FMC: Inbound External IP Exclusions

ASA ACLs

Resolved! ASA with FirePOWER

SSL decryption FirePower - span port

ASA 5510 Not loading automatically the config when booting up

Why Update 9.1 to 9.6

Resolved! NMAP Scanning from FMC

Hearty congratulations to the December Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

How to assign a parent/base policy to an access policy with FMC API

Firepower 7.2.1 - Issue with the FlexConfig Text object override

Private VLAN's interaction with ESXi and firewall

Packets appearing in ASP DROP?

What is PID when we try to integrate with Cisco API's

FMC API - can not associate a prefilter policy to an access policy

What is the result of placing, on ASA outside int, ACL...

On ASA5525 with vanilla setup, need to place ACL on outside int?

CSR 1000v ACL syntax-- use wildcards or masks?

SFR sensor upgrade fails readiness check