Network Security

ASA 9.4 tcp idle timeout under class in policy

Hello Gents, we have on our ASA huge number of connections which seems to be idle. Similar to below:TCP INET_FW: XX.XXX.XXX.XXX/56535 INET_CORE: YY.YY.YY.YY/20406, flags UfIB , idle 1h3m, uptime 1h9m, timeout 15m0s, bytes 444 For this specific con...

Resolved! Access from other interfaces to inside Zone

i want to let users from interface 1/3 , 1/4 , 1/5 to access servers in interface inside , how can i do that ? interface GigabitEthernet1/2 nameif inside security-level 100 ip address 192.168.1.2 255.255.255.0!interface GigabitEthernet1/3 nameif So...

Context Directory Agent ip-to-user mapping missing (or being removed unexpectedly)

Hello! We have encountered a problem with our Identity Firewall scheme recently (it works on CDA, 4 Microsoft 2012R2 DCs and Cisco ASA as a consumer device). We've noticed that some ip-to-user mappings are missing on CDA although users are in domain ...

NAT- Diferent Range from Outside

Hi, I have to configure static nats with diferrent range of ISP2, they forward another range over this link. For example, they foward range 5.5.5.0/32 to we use from their address : 4.4.4.0/24. I configured the follow configs but donw works: inter...

ASA TCP Idle Connection Timeout Suspense

Hello I upgraded our Cisco ASA 5520 with a Cisco ASA 5585. Though both ASA were configured with default TCP Idle Connection Timeout values people are now starting to complaint that idle SSH connections are being terminated. This is proper behavior bu...

fix for this alert? %ASA-4-402119: IPSEC: Received an ESP packet (SPI= 0x229, sequence number= 0x4A2) from (user= ) to that failed anti-replay checking.

Hello, Good Day! Just wanted to ask what is the fix for this alert? %ASA-4-402119: IPSEC: Received an ESP packet (SPI= 0x229, sequence number= 0x4A2) from (user= ) to that failed anti-replay checking.

FirePower MC Interface utilization/bandwidth

I have run into this issue many times with FirePower deployments. Customers want to see what the interface utilization for each ASA/FTD device is at on the dash board. Ive gone through all the widgets and while I found I can create what looks like ...

PAT Pool Exhausted after enabling TCP-Bypass

I have been wrestling with enabling tcp-bypass recently. We have assymetrical routing happening between two providers with BGP configured. I have tried configuring tcp-bypass on the inside interface, outside interface, and globally. Each time the PAT...

Resolved! Cisco ASA hardware migration from 5510 to 5508-x

Hi All, I am panning to migrate firewall from Old hardware (5510) to new (5508-x). old hardware is running with IOS version 8.4(7)30 and new with 9.5(1) My question is Can I directly upload old configuration ( after changing Interface details only) ...

ASA 5580 SSL encryption

I'm working on some requirements to secure our devices. On the ASA, the SSL settings has SHA1 listed as the hashing. Is there a license feature that updates it to SHA2 or greater?

ACAS audit files

I'm looking for the most recent Cisco audit files to use with ACAS. Is there any available (after 2010) and if so, where to download them. THANKS!

How to set number of login limitation to a linux server behind ASA Firewall

Please can anyone put me through on how to set number of login limitation to a linux server behind ASA Firewall. Will it be done on the server or Firewall? How can i achieve that? Thanks

FP4110

To manage 4110 firewall i must to have firesight ? even if i didnt buy any firepower lic ?

ASA 5512x with Firepower Licensing question

I installed the SFR module on the ASA and ran through all the configuration. I registered it to my FirePower Management Center, however I failed to add the license to the SFR prior to doing that and the Management Center is not seeing my smart licen...

IPS reports

IPS report shows victim IP address on which the attack was launched, how is external attacker able to attack specific private IP addresses in a huge infrastructure?

Network Security

Forum Posts

ASA 9.4 tcp idle timeout under class in policy

Resolved! Access from other interfaces to inside Zone

Context Directory Agent ip-to-user mapping missing (or being removed unexpectedly)

NAT- Diferent Range from Outside

ASA TCP Idle Connection Timeout Suspense

fix for this alert? %ASA-4-402119: IPSEC: Received an ESP packet (SPI= 0x229, sequence number= 0x4A2) from (user= ) to that failed anti-replay checking.

FirePower MC Interface utilization/bandwidth

PAT Pool Exhausted after enabling TCP-Bypass

Resolved! Cisco ASA hardware migration from 5510 to 5508-x

ASA 5580 SSL encryption

ACAS audit files

How to set number of login limitation to a linux server behind ASA Firewall

FP4110

ASA 5512x with Firepower Licensing question

IPS reports

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Failover license

Cisco Firepower - icmp thru FW, inside to outside interfaces

FTD Back-to-Back VXLAN

HTTP download stops and gives "Network Error" during FTD Failover

Firepower 1150 Interface Internal Data 0/0 overrun errors rising

FPR-2110 (ASA-Image): Correct option at image upload?

FTD Firepower 1150 active/standby failover link

Policy Set to block specific IP address after a so many failed logins

Firepower 1120 SSD replacement procedure.

ASAv: ASDM upgrade causes error "Unable to launch device Manager from"