Network Security

Hi all,    below is my network topoloby.  inspect SIP is enabled by default. it will create a lot of sessions which doenst even pass through the firewall and caused connection limit alarm "Resource 'conns' limit of 250000 reached for system".   from ...

Hi,   Does anyone have AnyConnect on Firepower (FMC) using AD (rather than RADIUS) while having access control via security groups? With RADIUS this could be done as NPS policy conditions. Currently if you use AD authentication it will let anyone wit...

I've got an 8-port ASA 5505 installed at a (very) remote site and I'm getting errors indicating Ethernet0/3 is going up and down and up and down and ...I'd like to see what device is plugged into 0/3, but there doesn't seem to be a "show mac-address-...

My ASA5525 version is 9.5(2), I don't know why my default route to outside doesn't work properly. I can't ping through 8.8.8.8 and remote VPN user is able to get vpn connection remotely but can't get internet through outside route. Below is my partia...

I have an issue whereby I am migrating Juniper SSG firewalls that have multiple VPNs to Cisco FTD running FTD 6.2.3 software (Not ASA).   The problem is the Juniper SSG's terminate all the s2s VPN's on a loopback interface but the ASA cannot do this....

I have a question about upgrading ASA5585-S10-K9 There are two options  1) CISCO ASA5585-S10-K9  2) CISCO ASA5585-S10X-K9 with 2x SFP+ Ports. My question is, when i have CISCO ASA5585-S10-K9  without 10G ports, can i enable and use these ports with s...

We have a Cisco IronPort Web Security Appliance (WSA) and are looking to change out our existing firewall to a FirePOWER 2140 NGFW.     The question I am running into is whether it would be of any benefit to add AMP and IPS licensing to the Firepower...

I have a working ACL. It is applied inbound on the switch port with a server attached. However, the logic is confusing me, as if I switch src/dest around, it no longer works.   Setup: 3650 Switch, server on port g1/0/7. Switch trunked to a pair of 9k...

Hello,I have set up a zone-based firewall on an ISR4331. With that zone-based firewall and "debug ccsip message" activated, I observe a lot of "SIP/2.0 488 Not Acceptable Media" or "SIP/2.0 403 Forbidden" messages. If I add the following configuratio...

Hi,   I have a client that has 2 ISPs and would like to use ISP1 for employees and ISP2 for guests.  At the same time, he would like to have internet failover for both employees and guests.  So, under normal conditions, employee's subnet should use I...

Dear Community, I would have a short question to you. I currently have some troubles in connecting our ASA5508-X to the Internet. The architecture is the following:   Internet Service Provider <=> Cisco ASA 5508-X <=> Internal Server   In this regard...

Hi Experts, I am seeings frequent UDP-123(NTP traffic) logs on Cisco ASA Firewall, which is initiated from Internal LAN to Outside Internet. Source and destination port is 123. Can some one guide, what is causing this?   Understand, that UDP-123(NTP ...

Dear Community, I would have a short question to you. I'm trying to replace our old router with a new Cisco ASA 5508-X (for direct internet connection). The authentication against Internet Service Provider ("Deutsche Telekom" / "German Telekom") supp...