hi,
i'll be configuring SSH version 2 and can see some of our ASA have existing RSA/general purpose keys (some ASA have several keys) with modulus 1024.
can i re-use the existing 1024 RSA key for SSH version 2?
or do i need to generate a new RSA key ...
Hi,
Does anybody knows how to modify the settings for the AAA config on a cisco ASA ?
Currently, I have a Cisco ASA ASA5520, its configured with Radius, below is the current config:
aaa-server Radius_RSA protocol radiusaaa-server Radius_RSA (in...
Hi All,
I have a quick question regarding some twice nat configurations.
I need to know if the following twice nat statement is necessary. (Firewall Spring Cleaning)
Example:
I have a destination in my DMZ that is being natted by yet another Firewall...
Hi,
Within FMC, if you setup a access control rule, you define the action to be allowed or deny etc. Then define the matching criteria, like network and/or services. But one question regarding the URL portion: if the action set to Allow for the rule...
Dear All,
I deployed ACP on my FTD devices but still showing running since 1 day !. I don't know how to kill or delete it.
below is the message
Deployment - Policy and object collection complete. 23h 2m
40%
Any idea please?
Hi I am trying to do nat using service groups, I have below objects and wondering how to put them together what I have is ASA 5515
network object aaa
host 1.1.1.1
object-group server bbb_dst
service-object tcp destination eq www
service-object tcp ...
There is two things I am trying to Accomplish
1st is to ping my inside Interface from the outside subnet (So ping 192.168.44.1 from 172.24.100.0
2nd is to make ASDM work on either inside or outside interface.
My network is just a home network. I p...
Hello, I have just implemented Deep Packet SSL Inspection on our firewallI am finding instances of SSL certificate pinning (HPKP) where I need to make exceptions to the DPI list e.g. *.google.com etc. This fixes the problem.What I am finding strange ...
I just setup up AnyConnect on my ASA, when I type the WAN IP address on my remote PC, it does not connect. I review the logs on the ASA and I can see where it is denied by the ACL. What in my config is wrong or preventing me from access the AnyConne...
Dear All,
My network is already in production, I have configured the SFR to inline mode (i.e. fail-close). Now, I would like to change to inlline monitor-only mode. Will it any impact to the network when change monitor-only mode ?
Thanks,
Kurt
Hi,
I am not able to ssh to a device behind a PIX firewall due to this error
Apr 01 2017 16:25:07: %PIX-3-305005: No translation group found for tcp src outside:192.168.255.10/47080 dst inside.50:192.168.50.10/22
I don't get the error since the pack...
Hello,
I was trying to upgrade our virtual FMC 5.4 to 6.2 using the documented path but had an error during upgrade to 6.0. We opened a TAC case and were advised to install some patches directly onto the FMC via SCP. I am trying to copy those files ...
Hello,
I am using CISCO ASA 5585.
While most of the sites are working fine, I am unable to browse one particular website.
I captured the packets against the solution provided for "MSS Exceeded" but didn't find any packets captured against the match. ...
