I just sat through a teaching where the instructor gave an example of a security issue & how to resolve it. A server on a LAN behind an ASA had 350 IP Addresses attempting to SSH into it over night (brute force attack). The instructer then checked th...
Forum Posts
Hi All, we are having intermittent issues on our vpn tunnel and i notice the firewall is giving below messages. Site A is using Juniper, Site B is using Cisco ASA 5500 then it goes up after 5-10mis Sep 01 2017 09:27:39: %ASA-3-713902: IP = 203.xx.45....
I have a 5506 and I'm trying to get a NAT to work. I have two servers (david and goliath), I want david to get 22,80, 443, goliath to get 444 I added the nats by using the commands below nat (Servers,outside) source static goliath interface service 4...
Can we register IP phone from internet . Applying public address as TFTP server where desired forwarding done .or we need to do only VPN only?
With the 3.x being EOL, does that mean 3.x could be used without cost of buying a license PAK? Or, would I have to purchase the new 4.x PAK in order to increase my anyconnect premium peers? I've seen the old 5.x client still being used out there, j...
Hi, I am required to add a rule that will allow any device to be able to browse to an FQDN and have a specific outside address for that traffic. As is know you cannot have an FQDN in the NAT destination field. Are there any workarounds for this? Many...
Hello Guys,I was going thrugh documentation for Inline deployment in v6.2.0 and found something about TAP Mode (even though this option is available in previous versions as well). In Inline sets, there is an option called TAP Mode which says that the...
I recently was at a job site were I was supposed to swap a Cisco 1941 with a ASA 5506. I preconfigured the ASA and tested to make sure it was routing outside properly. There is a Verizon business 300mbs line coming in to the Router. When doing a b...
Hi All,I am recieving palent of these messages on my ASA 5520. After palenty logs there is TCP Deny(No Connection) from x.x.x.x to y.y.y.y flags RST ACK on Interface outside also showing.I dont know the reason behind this. Can you please let me know...
Hi, We recently encountered an issue with one of our clients with their ASA 5555-X appliance is experiencing high CPU utiliization. We're encounting as high as 90% Per investigation of TAC, the biggest process that is eating away CPU resources is DAT...
I'm trying to get my ASA 5506 to route traffic for 192.168.24.0 to 192.168.25.20 however it keeps blocking the traffic with the global deny rule Deny inbound icmp src inside:192.168.25.6 dst inside:192.168.24.1 (type 8, code 0) i have attached the r...
Resolved! Cisco ASA 5510 Management Port
ASA 5510 Management PortHello, I'm facing problem configuring management port on ASA. I'm able to ping it only through VLAN 2 but not from any other VLAN and I want to get it assessible from all vlans. In addition I want to setup ASDM access through ...
Consider the following topology: - 192.168.1.1 /24 is on the ASA1 side (Gi0/1, lets call this the "Inside-ASA1" if you want)- 192.168.2.1 /24 is on the ASA2 side (Gi0/1, lets call this the "Inside-ASA2" if you want)- Interconnectivity between the ASA...
Hello, I have a question regarding Cisco FTD and client VPN with AnyConnect.Is it possible to configure compliance rules for FTD VPN Clients and quarantine a host if it is not compliant?Thanks in advance.Regards.
I have a scenario about Policy static NAT in ASA 9.6 I have server listening on port tcp/8443. It will be accessed from specific networks in internet. I want to NAT my server to public IP but port specific only for those specific networks in internet...
