Network Security

I set up a Site to Site VPN and everything is working fine where, I can access resources from both locations. However, when I connect to the VPN with cisco any connect client I can only access the resources on the 192.168.120.x subnet and not the rem...

We have an ASA 5555 with 16Gb Ram, 1 CPU, 8 cores.  We are on Software Version 9.5(2).  We have a 1Gb connection to the Internet.  Every time we turn on File Inspection, it crashes our network.  We can run a speed test and we are getting upload and d...

Hi, I'm upgrading the sensor from 5.4.0 to 5.4.0.2. During the upgrade, the FireSight is unable to manage sensor back. I have checked the sensor version is 5.4.0.1 now. When I try to add sensor from FireSight, it pop-up a dialogue box "Could not esta...

I’m designing a solution for redundancy and there are a couple of ways to accomplish this. The age old method (without EBGP) is to put an IOS router in front of the ASA that uses NAT, PBR and IP SLA to manage two internet connections with fail-over (...

Hi, I want to get a copy of the firesight connection events to a remote logging server. would anybody help with that.? i need a global configuration, as i have too many access policies and it will take to much time to add log server to this number of...

I already have the public ip of A.B.C.D. The internet is working fine from that one.  Now, the client has given me other Public ip pool of x.x.x.x/29 and have asked me to map the IP in the pool to the respective servers in the private IP. For eg: 10....

Hi Team, One of our customers is going for upgrading existing ASA 5515-X standalone firewall to ASA 5515-X with firepower services for that the customer is procuring CTRL license and feature license (TAM). Currently ASA is currently in production an...

Hi,  Someone here tried to do ssl decryption in a 5500x using FTD? I did the same as i used to do in the past but this time just do not work. Thanks

Team, Today we were doing the image upgrade for ASA 5585 from 9.0.1 to 9.6.1. We followed the upgrade path as below 9.0.1  - 9.1.2  - 9.1.3 - 9.6.1 First we did 9.1.2 on standby unit then rebooted the standby after it come up with 9.1.2 then upgrade...

hallo We had a active/active Cluster and the primary unit crashed and must be replaced. The secondary is up and running. The config on the active looks like :  ( Failover is already deactived ) ffm-sep-dc/sec/actNoFailover# sh run | grep fail no fa...

Hello, is there a mechanism in the new Firepower that can block IP address originating from different countries? I have a site that gets bombarded by DOS and Dictionary attacks. I have called the ISP in the past but, that can be difficult in getting ...

inter gi0/0 maneif inside ip add 1.1.1.1 255.255.255.0 security-level 100 no shu inter gi0/1 nameif mgmt ip add 2.2.2.1 255.255.255.0 security-level 100 no shu exit same-security-traffic permit inter-interface same-security-traffic permit intra-inter...

Hi All, I have a private IP from one of our partner x.x.x.x and would like to nat it. Only our internal users will be initiating connection towards this IP.  What should the NAT statement look like on ASA 8.5 if have to NAT the outside ip to Y.Y.Y.Y...

I have a DMZ that has a Cisco Nexus switch with VRFs as well as a physical firewall.  Is it common in a DMZ environment to put the gateways for the DMZ systems on a Nexus VRF? Or should they be on the physical firewall?  If they are on the VRF, then ...