I have a Cisco 880 and try to establish an IPsec VPN dialin in combination with zone based firewalling.The IPsec dialin works fine without any issues which was crosschecked before activating the ZFW.ZFW config looks like this:!class-map type inspect ...
Forum Posts
Hello, I would like to ask about how to migration Intrusion Policy from VDC to DC750?I had tired import the Intrusion Policy from VDC to DC750, can't import as version mismatch with VDC:5.4.0 and DC750:6.2.1. Thanks for your suggestion! Regrds,Thaung...
Hey all, Somewhat of a silly question when it comes to identity NAT rules, which cause the ASA to use NAT divert instead of the routing rable. How does the ASA determine the next-hop IP address in this scenario? We currently are dual homing our ASA t...
So I need to allow a server in the DMZ to talk to a domain controller on the internal network for authentication. This requires allowing a bunch of protocols through the firewall, some googling I think has given me a comprehensize list. That said, h...
I found one link on cisco website explaining a little about virtual reassembly, what I dont understand is when I enable that option on my tunnel interface why I cannot ping packets larger than 1420 from the other end of the tunnel?? When I disable v...
Hi Team, We buy Cisco ASA5525-FPWR-BUN (QTY=2), It will be deploy as datacenter with connectivity of coreswitchs(C6807-XL) and server farm switches(WS-C3850-48T-S). Please share the valid design, deploy and configuration Guide. My design attached. T...
Hello; I am Erdenesukh Magsarjav who is system engineer of Civil Aviation Authority Mongolia. Our organization have bought your system which ASA-5585-10CTRL-LIC next generation firewall with FMC. ASA5585 firewall IOS 9.2 version ,firepower version ...
I just sat through a teaching where the instructor gave an example of a security issue & how to resolve it. A server on a LAN behind an ASA had 350 IP Addresses attempting to SSH into it over night (brute force attack). The instructer then checked th...
Hi All, we are having intermittent issues on our vpn tunnel and i notice the firewall is giving below messages. Site A is using Juniper, Site B is using Cisco ASA 5500 then it goes up after 5-10mis Sep 01 2017 09:27:39: %ASA-3-713902: IP = 203.xx.45....
I have a 5506 and I'm trying to get a NAT to work. I have two servers (david and goliath), I want david to get 22,80, 443, goliath to get 444 I added the nats by using the commands below nat (Servers,outside) source static goliath interface service 4...
Can we register IP phone from internet . Applying public address as TFTP server where desired forwarding done .or we need to do only VPN only?
With the 3.x being EOL, does that mean 3.x could be used without cost of buying a license PAK? Or, would I have to purchase the new 4.x PAK in order to increase my anyconnect premium peers? I've seen the old 5.x client still being used out there, j...
Hi, I am required to add a rule that will allow any device to be able to browse to an FQDN and have a specific outside address for that traffic. As is know you cannot have an FQDN in the NAT destination field. Are there any workarounds for this? Many...
Hello Guys,I was going thrugh documentation for Inline deployment in v6.2.0 and found something about TAP Mode (even though this option is available in previous versions as well). In Inline sets, there is an option called TAP Mode which says that the...
I recently was at a job site were I was supposed to swap a Cisco 1941 with a ASA 5506. I preconfigured the ASA and tested to make sure it was routing outside properly. There is a Verizon business 300mbs line coming in to the Router. When doing a b...
