Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

ASA + FirePOWER failover licensing

Hi, We have 4 offices, each with ASA5516-X running regular ASA software with FirePOWER modules. Those 4 devices are managed by the Management Center running as w VM. All 4 also are licensed for AMP and URL modules. We are considering adding high-ava...

ASA5520 BGP support and supported version query

Hi, Experts I need your supports regarding my ASA 5520. The current version is below: Cisco Adaptive Security Appliance Software Version 8.2(5) Device Manager Version 6.4(1) Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz Interna...

Wierd performance issue, Anyconnect client really slow to download.

I have an ASA5508X, controlled by a vFMC. Both are running 6.2.2.0. The Firewall is configured as a VPN server, with Anyconnect 4.5.02033 client software loaded. As expected, I can browse to the correct URL, and have the Anyconnect software install i...

ASA rpf-check DROP

Hi, I've got ASA 5506-X. The task is to provide access to Web server which is located in dmz from internet (outside). I use static NAT 192.168.120.254 (Web server)--> 95.67.82.153 (Public IP). Unfortunately, it is not working. I try different confi...

Resolved! 5506-X ROMMON configuration

I'm trying to reimage a 5506-X with the FTD image, unable to get basic connectivity from my laptop when using the settings described in the documentation. My laptop is plugged directly into M1/1 with a static IP. The firewall is using another IP wit...

Resolved! To replace ASA 5510

Hi, We plan to replace ASA 5510 to new model. Is it ok if we change to 5516-X. The model 5516-X compulsary to buy with firepower module ? What is the estimate lifetime for this model. Thank

Resolved! Rate Limiting using SGT (TrustSec) on ASA

Does anyone know if it is possible to rate limit using SGTs on an ASA (currently running 9.6). I didn't see any TrustSec options under class-map, nor have i seen it in any documentation.thanks!

Changing EZVPN IKE Phase 1 and 2 Policy

hi, i need to update the IKE phase 1 and 2 policies to a stronger method on an IOS router acting as an EZVPN server. to my knowledge on the EZVPN server "pushes" the IKE P1 and P2 policy to remote client. my question does changing the IKE P1 and P2...

Duplicate TCP SYN for fake addresses

Hi guys, I have ASA 5515 running at 9.6.(3)1. In logs I noticed a huge amount of very strange records. Duplicate TCP SYN from INSIDE: A /52565 to INSIDE: B /3389 with different initial sequence number Where IP "A" is Windows VM.Even when I shutdo...

CISCO ASA NAT RULE

Hi folks, I created a NAT rule on my ASA for my MPLS users to access a internal webserver, and the same server have a NAT to outside. until now all good my mpls users access a web-server from mpls IP and have a NAT to webserver IP. Now my internal ...

fatal: Write failed: Broken pipe and brute force guessing login, why firewall not block SSH?

fatal: Write failed: Broken pipe and brute force guessing login, why firewall not block SSH?is it coming from non-firewall side but source ip address are fake? how to confirm whether are these? <186>: 2015 Mar 24 08:29:27 HKT: %DAEMON-2-SYSTEM_MSG: f...