Network Security

Using OSPF in ASA to advertise NAT Pools.

We are about to configure NAT on a Client's ASA Firewalls and we need some examples on how to go about configuring ospf for external (outside) interface that will advertise NATed addresses (or NAT Pools) and how to configure the ospf for internal net...

Change ASA Context config-url

hi, i had a ASA context outage and notice there was a typo on it's config-url. i need to rectify it but need a quick check if the change is SAFE and will NOT affect live traffic on the said context? context CUST-A allocate-interface GigabitEtherne...

Help with post 8.2 Config

Hello I am trying to upgrade from 8.5 to 9.2 but am having some issues with traffic I need going to inside ip 10.8.8.4 on port 1287. I am seeing this error when the traffic is trying to hit the internal ip. 4Aug 28 200802:58:58 166.150.233.934189710...

Resolved! Impact on IPS - Virutal Firesight Sizing

Hello For IPS Only purposes or in a NGFW, why should I use "FS-VMW-SW-K9" (for 25 devices) over "FS-VMW-2-SW-K9" (for 2) ? Let's say it's for one appliance deployed (FP7030 / FP7110) with an IPS licence only. I'm told that for IPS it's better t...

Resolved! Two Internet connection same Cisco ASA 5515 as ONE

Hello Srs: I have a question, and I am not really sure it could be done directly in the ASA. I Know we can have two internet connections in the same ASA and use one of them as failover, but in this case I need to know how to have to internet connecti...

Resolved! FMC device unlicensed

Hello, I've just installed the FMW virtual appliance running on VMware. After adding a device (IPS Firepower software of a ASA5525-X) to be managed, it said licenses are "unlicensed". All licenses options are greyed. Before this migration, my IPS s...

SPANTREE-2-BLOCK_PVID_PEER

Kindly help to resolve issue for below shown logs. SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 229 on GigabitEthernet0/1 VLAN1. SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on VLAN0229. Inconsistent peer vlan S...

Microsoft AD traffic thru ASA

It seems like most of the info that you find on trying to run AD traffic on an ASA between inside and DMZ hosts is "don't do it!", "its a mess!", "MS AD doesn't play nice!". However there is an article on PeteNetLive, KB0000973 that references DCERP...

Resolved! ASA Management Interface Best Practives

Hello, I wonder if you could help. I am in the process of upgrading from an ASA 5505 to a 5515-X. On the 5505 I had an IP restriction for the HTTPS/ASDM setup on the outside interface, worked great. Of course, these firewalls didn't come with a ded...

Resolved! SSH Access Not working on ASA's

I am configuring my ASA's for ssh access prior to removing telnet access to them. However, I'm running into a problem. After I have configured ssh access (assigned a domain, generated my rsa key, and enabled ssh), I am unable to log in. My ssh cli...

ASA 5515X Outside Connection Drops Until "Clear ARP"

Working with a 5515-X: After a recent location change/move the primary connection sporadically deteriorates quickly until it no longer functions. Clearing the Dynamic ARP Entries on the ASA restores the connection instantly; and I don't know why. ...

Resolved! FP 2120 Default Image

I would like to find out what is the default image that the FP2120 comes with when its purchased.

Are FTDv services managed?

Hello, we're looking to implement an FTDv as an edge device for our Azure network. Currently our on-prem consists of a physical ASA and an outsourced IPS device (iSensor by Dell Secureworks) that sits in front of the ASA. My question is, are the IPS,...

Resolved! Configuring ASA 5506-X behind a Home Netgear ADSL router PPPOA

Hey Guys, I am a complete newbie to Cisco so excuse my ignorance,I have just setup the device and want the Outside interface to receive traffic from my home Netgear broadband router and then pass it through to inside interface.How do i go about doi...

Resolved! ASA Firewalls with Application Mapping (GUID)

In ASA firewall is there a provision to define ACL rules based on Application ID apart from source/destination IP Address? In other firewalls I have seen access rules based on service/application GUID along with source/destination IP.

Network Security

Forum Posts

Using OSPF in ASA to advertise NAT Pools.

Change ASA Context config-url

Help with post 8.2 Config

Resolved! Impact on IPS - Virutal Firesight Sizing

Resolved! Two Internet connection same Cisco ASA 5515 as ONE

Resolved! FMC device unlicensed

SPANTREE-2-BLOCK_PVID_PEER

Microsoft AD traffic thru ASA

Resolved! ASA Management Interface Best Practives

Resolved! SSH Access Not working on ASA's

ASA 5515X Outside Connection Drops Until "Clear ARP"

Resolved! FP 2120 Default Image

Are FTDv services managed?

Resolved! Configuring ASA 5506-X behind a Home Netgear ADSL router PPPOA

Resolved! ASA Firewalls with Application Mapping (GUID)

FMC 7.4 and multi-instance FPR3130 chassis upgrades

Announcing the release of Firewall Migration Tool Version 7.7.10

CSCwo71835 - The NAS-IP-Address attribute is missing

FMC API to get real time VPN/S2S tunnel and CPU/Memory perf metrics

Firepower 2130 -how to resolve plugin 70658 SSH Server CBC Mode Cipher

CSF 1210 CE FTD Event viewer problem

cFMC and event logging - Cannot change timerange

Application PBR in FDM

SSH with X509v3 certificates

FPR‑4145 EOL/EOS ?