Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

Resolved! NAT for overlapping subnets

I am running into a situation where I have duplicate subnets (10.1.1.0/24) with an internal network and an external vendor. The external vendor is coming across our PIX Firewall. Would it make sense to create a NAT statement on the outside interface ...

Resolved! NAT for IPSec S2S Tunnel after using AnyConnect RA SSL VPN

Hello all, so here is a complicated thing that I need to implement and need your help with NAT Commands: I have implemented RA AnyConnect VPN. My employees connect to my ASA with anyconnect and get the IP from: net_anyconnect_pool : 10.1.1.0/24 My ...

Need design guide for ASA/DMZ switch configs

I'm not new to ASA firewalls at all, also know L2/L3 very well, but I'm having a terrible time getting an ASA 5500 config pulled together. I have a lab where I'm testing an ASA 5520 active/standby failover pair prior to rolling this out, and need to ...

Can't access web interface for a Virtual Appliance version 5.3.0.2, is this expected?

Hi everyone. My customer has bought a pair of devices, a physical appliance and a virtual device license. We have already installed, configured and registered the physical one to the Defense Center with no issues whatsoever. It's even in productio...

Importing ASA configuration

I am looking to upgrade my ASA 5505. I currently have 2 Site to Site ipsec VPNs, 2 NAT'ed VPNs and multiple remote access users. Will I run into any problems if I transfer the existing configuration from the ASA 5505 version 7.2 into a new ASA 5506 v...

Best Practice Two Tier Firewall Architecture

First time posting so bear with me.I am looking for a best practice design reference for a customer that wants a two tier firewall structure. --Does anyone have a reference link/document/book? --Should the customer use different vendors at each tie...

Resolved! ASA - how to create descriptions for routes?

Hello, Very simple question. Can I create some kind of description for my routes in ASA (5515)? For objects and interfaces we have the description command, for access-list we have remark command. But I don´t find an easy way to "note down" details fo...

Need Help Whitelisting VM Scanning

I have internal Qualys vulnerability scans which target systems inside my web DMZ. Once my AMP 8150 IPS devices see the traffic it appears to be coming from a x-forwarded IP address on our load balancers. Two things I can see when I analyze the pac...

Resolved! FirePower User Agent Redundancy

Hi Everyone, Simple question, how many user agents can I connect on FMC? I know I can have multiple agents configured, but how many is the limit? Are they all active at the same time or it works as active/backup?

FirePower 8140 performance

hello, I have a 8140 firepower sensor that is supposed to handle IPS 6G of throughput as per the datasheet. This sensor is positioned at the edge of a small ISP serving internet traffic from dsl, 2g, 3g, etc... This sensor is licensed for IPS licens...

ASA5510-K9 & SSM-4GE

Hi Guys Client of mine asked if i can quote them on the SSM-4GE for their client, but i see it is EOL and cant order it. Is there a replacement? Regards

ASA5516-X SFR Portforword not working

Hi I tried to configure Port forwarding to Local DVR to Public IP address but its not working Device Cisco ASA5516-XSFR (IOS 9.12) Public IP address xxx.xxx.xxx.12x Local IP address 10.10.8.25 Ports need to be forwarder : 554 ,8000, 81 all are T...

IPv6 icmp packet deny mystery - Cannot establish neighbor with Link Local IP

Hey Folks, So I have a bit of an odd issue with an ASA tring to reach Link Local addresses (Two switch IPs and HSRP address). Pings to/from the firewall using the global IP are working, however pings to the LL IP are not. When I ping the HSRP IP from...