Network Security

Resolved! c2911 Firewalling and IDS/IPS for PCI DSS compliance

Hi, One customer wants to be audited for PCI DSS compliance. They have c2911 routers as WAN routers. When they do port scanning, obviously there are some ports open as routers are doing natting. As far as I know, port scanning cannot be prevented wit...

Problem with traffic between 2 interfaces, Still no solution...

Hi folks,I'm having trouble with traffic between different subnets connected to different interfaces. In interface CARRIERS is connected a server with ip address 10.227.224.11 and in interface INSIDE_Prueba I have connected my PC with ip address 192....

SourceFire AMP

Hi I have a question regarding Evenyt ID's in Sourcefire. One of the workstations got infected with the following virus and the quarantine says that it failed with the error code: 3221225524. Does anyone have a list of the error codes so that I can f...

Management interface 5525-x not accepting syslog message 106100

Apparently the management interface on the 5525-x doesn’t support syslog. After 2 1 month(s) working on the problem, it works normally on the inside nic of the ASA. (TAC and myself have tried everything it's safe to say)The DOD has STIG compliance re...

FirePower Management Center License

Hello,We have bought Cisco FirePower Management Center for 2 devices (FS-VMW-2-SW-K9).Can we buy another license for two devices and expand the existing Management Center?

Resolved! Can I use FMC to manage a Firewall ASA with Firepower services in a remote site?

I am kind of new configuring Cisco Firewalls. I just configured a Firewall ASA 5508-X with Firepower services managed from the ASDM. Now we have purchased the vFMC for VMware deployment to manage the ASA 5508-X Firepower services, and a new ASA 5506-...

Zone based firewall and IPsec dialin

I have a Cisco 880 and try to establish an IPsec VPN dialin in combination with zone based firewalling.The IPsec dialin works fine without any issues which was crosschecked before activating the ZFW.ZFW config looks like this:!class-map type inspect ...

Import Intrusion Policy from VDC to DC750

Hello, I would like to ask about how to migration Intrusion Policy from VDC to DC750?I had tired import the Intrusion Policy from VDC to DC750, can't import as version mismatch with VDC:5.4.0 and DC750:6.2.1. Thanks for your suggestion! Regrds,Thaung...

NAT divert (U-NAT)

Hey all, Somewhat of a silly question when it comes to identity NAT rules, which cause the ASA to use NAT divert instead of the routing rable. How does the ASA determine the next-hop IP address in this scenario? We currently are dual homing our ASA t...

Resolved! Allowing access for multiple ports across ASA 5506, TCP and UDP

So I need to allow a server in the DMZ to talk to a domain controller on the internal network for authentication. This requires allowing a bunch of protocols through the firewall, some googling I think has given me a comprehensize list. That said, h...

What does ip virtual-reassembly do?????

I found one link on cisco website explaining a little about virtual reassembly, what I dont understand is when I enable that option on my tunnel interface why I cannot ping packets larger than 1420 from the other end of the tunnel?? When I disable v...

Cisco 5525 ASA FPWR Deployment in Datacenter

Hi Team, We buy Cisco ASA5525-FPWR-BUN (QTY=2), It will be deploy as datacenter with connectivity of coreswitchs(C6807-XL) and server farm switches(WS-C3850-48T-S). Please share the valid design, deploy and configuration Guide. My design attached. T...

ASA with Firepower

Hello; I am Erdenesukh Magsarjav who is system engineer of Civil Aviation Authority Mongolia. Our organization have bought your system which ASA-5585-10CTRL-LIC next generation firewall with FMC. ASA5585 firewall IOS 9.2 version ,firepower version ...

ASA Access Groups/Lists Permit & Deny

I just sat through a teaching where the instructor gave an example of a security issue & how to resolve it. A server on a LAN behind an ASA had 350 IP Addresses attempting to SSH into it over night (brute force attack). The instructer then checked th...

Intermittent IP Sec VPN Tunnel Cisco ASA 5500

Hi All, we are having intermittent issues on our vpn tunnel and i notice the firewall is giving below messages. Site A is using Juniper, Site B is using Cisco ASA 5500 then it goes up after 5-10mis Sep 01 2017 09:27:39: %ASA-3-713902: IP = 203.xx.45....

Network Security

Forum Posts

Resolved! c2911 Firewalling and IDS/IPS for PCI DSS compliance

Problem with traffic between 2 interfaces, Still no solution...

SourceFire AMP

Management interface 5525-x not accepting syslog message 106100

FirePower Management Center License

Resolved! Can I use FMC to manage a Firewall ASA with Firepower services in a remote site?

Zone based firewall and IPsec dialin

Import Intrusion Policy from VDC to DC750

NAT divert (U-NAT)

Resolved! Allowing access for multiple ports across ASA 5506, TCP and UDP

What does ip virtual-reassembly do?????

Cisco 5525 ASA FPWR Deployment in Datacenter

ASA with Firepower

ASA Access Groups/Lists Permit & Deny

Intermittent IP Sec VPN Tunnel Cisco ASA 5500

CSCwo71835 - The NAS-IP-Address attribute is missing

FMC API to get real time VPN/S2S tunnel and CPU/Memory perf metrics

Firepower 2130 -how to resolve plugin 70658 SSH Server CBC Mode Cipher

Yubikey for authentication to protected applications on FTD

FMC host profile for Cisco UC servers

Application PBR in FDM

SSH with X509v3 certificates

FPR‑4145 EOL/EOS ?

Firepower 4125 - how to resolve plugin 157288,

Cisco FMC QoS filtered by application