Network Security

ASA Clustering with 4500 Switch

HI I have two cisco ASA 5545 that config as active-stnadby and there is two cisco 4510(with sup 7E) in downstream(inside zone of ASA) that config as active-standby(HSRP). now I want config two ASA's as a cluster and two 4510 as VSS. I read "BRKSEC-30...

Cisco ASA and Domino Lotus Notes

Hi all, I have to make a lotus notes local server accessed by the external of our network. So, i did a public server from ASDM mapped from the local ip of the lotus notes to a public ip address. As, services permitted, i added http. But i can't acce...

Resolved! ASA 5515-X not addressing all CPU cores/memory?

Hello all,I appologize if this has been answered somewhere, but I've been googling the heck out of this and haven't seen this addressed anywhere.I have a new ASA5515-K9 running code version 8.6(1)2 for personal lab use, and the output of the "show cp...

ASA 5506-X Implicit Deny Blocking Traffic

I'm a bit stumped. I have an ASA 5506-X (lab) that suddenly stopped permitting traffic through to my internal subnets. When I run a packet trace, I get this, which stumps me because I've configured a rule to let the traffic through: RADAR# packet-...

Resolved! IPSEC phase 1 is working now but Phase 2 failing

Hi Everyone, Cisco ASA phase 1 failing Feb 27 2016 10:56:43: %ASA-5-713257: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 5 Cfg'd: Group 2Feb 27 2016 10:56:43: %ASA-3-713048: IP = 184.71.x.x, Error processin...

ASA upgrade 9.1(5) to 9.4(2)11

Hi! I´m trying to find if someone already has upgraded a Cisco ASA 5545X configured as Active/Standby from version 9.1(5) to 9.4(2)11? which I saw on Cisco page marked as recomended.I´m thinking to apply this upgrade on next weekend, but I´m afraid s...

Problem with high ping latency on cluster of ASAs

Can anyone knows what could be the reason of high ping latency, when I am pinging the ISP next hop router through cluster of ASAs and my inside interface on a cluster of cisco ASAs? When I leave one unit in a cluster of ASAs, ping is 1ms, when both u...

FirePower module - logging of IPS (snort) events

Migrating from 5505 to 5506-X and trying to set up FirePower. Have a full license, currently IPS and AMP in use. I get logging events from: - Blacklisted IP - security intelligence field - Malware detection But I can see no "intrusion prevention" (s...

Resolved! how to troubleshooting to find the reason of ASA failover?

how to troubleshooting to find the reason of ASA failover? which keywords can be used to search in ASA rsyslog file

OSPF through Transparent FW (FWSM) - Stuck in Exchange/Exstart

Hi, I have the following set up; RTR01 (6500) <-- VLAN4041 --> FWSM <-- VLAN40 --> RTR02 (Nexus 7K) Vlan 4041 is an SVI on the 6500 that the FWSM is installed in, Vlan 4041 is "outside" interfaceVlan 40 is trunked from the 6500 to an N7K which has a...

Resolved! Backup WAN Interface on Cisco ASA

Hi all, i want to configure a second ISP Interface on ASA. In most cases i configure a second default route with a lower metric and tracking on a public IP Address for example 8.8.8.8. If a Ping Track fails for tracked interface the first default rou...

How to configure ASA IPS modules to be monitored by CSM?

I have CSM 4.10 for managing my Cisco security devices. What do I need to do on ASA IPS module and CSM, so ASA IPS modules will be properly monitored by CSM? (dashboard widgets, event viewer, heath monitoring and rest).Thank you in advance!

Recently migrated from Firewall Services Module to ASA 5585

We recently migrated from a Firewall Services Module Version 4.1(8) to a ASA 5585 running 9.5(2). We have been up and running on the ASA for about a week now. The only issue we've seen is with ACLs whereas some of them didnt port over and we had to e...

Resolved! ASA - ping "distant interface", or use a workaround

(see topology below) We're trying to monitor two ASA5520s running 8.4(7)30 in HA active/standby via icmp. We're unable to ping the inside interfaces of either of the ASAs from our monitoring servers, I think because of the "distant interface" rule. T...

Resolved! SorceFire Portal login credentials different than Cisco.com?

Hello, Setting up a 5506-X with firepower and when creating a FireAMP connection it takes me to a SourceFire portal to log in. Where do I get those credentials? They aren't the same as my Cisco.com login. Thanks, Scott

Network Security

Forum Posts

ASA Clustering with 4500 Switch

Cisco ASA and Domino Lotus Notes

Resolved! ASA 5515-X not addressing all CPU cores/memory?

ASA 5506-X Implicit Deny Blocking Traffic

Resolved! IPSEC phase 1 is working now but Phase 2 failing

ASA upgrade 9.1(5) to 9.4(2)11

Problem with high ping latency on cluster of ASAs

FirePower module - logging of IPS (snort) events

Resolved! how to troubleshooting to find the reason of ASA failover?

OSPF through Transparent FW (FWSM) - Stuck in Exchange/Exstart

Resolved! Backup WAN Interface on Cisco ASA

How to configure ASA IPS modules to be monitored by CSM?

Recently migrated from Firewall Services Module to ASA 5585

Resolved! ASA - ping "distant interface", or use a workaround

Resolved! SorceFire Portal login credentials different than Cisco.com?

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Moving FTD to new Public IP, Site to Site VPN question

CSSM On-Prem with FTD on FMC

ASA5506-X SFR module always switches off after 10 minutes

Primary FTD looses connection to default gateway

ASA Cascading Contexts Example

FDM1120 Management Interface IP Address

OSPF Passive interface in FTDs

FMC displays working IKEv2 tunnel DOWN

FTD 3105: Connot change the gateway (commit-buffer do not work)

How to install a naked Firepower 1010?