Having 12.4 version IOS in Cisco 7206 router, how to disable SSH Server CBC Mode Ciphers, SSH Weak MAC Algorithms
Forum Posts
Hi ,I was configuring the SSH local user on ASA with below Command but observing the Error please someone help me in resolving this.I am trying to configure below Script aaa authentication ssh console TACACS-MGNT LOCALssh 192.168.0.0 255.255.0.0 MGMT...
Community, We are currently working on a project to integrate a pair of 4150 FTD appliances into an existing physical topology. We need to overcome a few challengers/hurdles with the design. I've attached the topology to better explain the issues. ...
I would like to rate-limit internal traffic so that no one user can hog all of the bandwidth on our network. This can occur when someone is downloading a large file. How can I create a service-policy that shapes or polices every IP individually rathe...
Having bit difficulty nating let's say 192.X.X.X to 50.50.50.1 public IP. I need to allow all types of traffic I would say from the internal 192 LAN to the outside. Can anyone help me with a NAT object statement?
Case 1: ":Feb 25 16:42:16 EST: %ASA-session-4-500004: Invalid transport field for protocol=TCP, from {Black listed IP}/{random source port} to {public server}/0 " Case 2: ":Feb 25 16:42:16 EST: %ASA-session-4-500004: Invalid transport field for pro...
Hi, I'd love to some known bad names that should trigger a blacklist event for DNS policy within Security Intelligence. Can anyone provide this? I just need a couple for testing post roll out. (i know i can source some on the internet reports, but ...
I have two VPN tunnels to distinct external entities. Each entity only allows traffic from a specific IP address. I need to use a single NAT/PAT address for traffic through tunnel 1 and a different NAT/PAT address for traffic through tunnel 2. En...
Resolved! FTD High Availablity with FMC
Hi, I have two ASA 5545 Firewalls with Firepower service, firewalls are configured as High Availability without problem. now i am trying to setup two FTD as high availability on the FMC. both of them are registered on the FMC and in the same group....
Recently we decided at the office to upgrade our ASA firewalls to a newer version, up from version 7.2(2). We have 5 external IPs, x.x.x.13 up to x.x.x.17, these are all linked to different servers (http, https). Only the x.x.x.13 address is configur...
Resolved! Allow ICMP type 11 on outside_in ???
Hi. I get a lot of ICMP deny in our firewall log - Typically type 11,0 like this: Deny icmp src outside:77.243.33.157 dst Support_Net:10.10.60.206 (type 11, code 0) by access-group "outside_access_in" [0x0, 0x0] Q1) Should i allow these Time Exce...
Hello all, I have the following topology and need to configure port channels between Core and firepower 7125 Could anyone help with the correct conf of the port-channel on The IPS (P1 and P3 ) through the FMC ? Tried the conf on the core switch ( ...
Hi Team, Need your help to troubleshoot OS upgrade ASA 5550 from ver 9.1(7)7 to 9.1(7)19. Scenario: Standby was running on old version [9.1(7)7] and was Active. Primary was standby with latest version [9.1(7)19]. So, what basically I did: Primary...
Hello, I have already prepared configuration for cisco ASA and I will upgrade it directly to 9.1.7.23, I have prepared configuration. I want boot configuration from txt file, which I prepared, so I will press this commands boot config flash:/ file....
Hi ! All May I ask the FirePower 2130 EIGRP route entry limit ? tks
