Hi,If I have configure two interface with same security level, and run the command "same security-level permit inter interface" , then if any traffic is going in between the same security level interfaces ASA will maintain the state table or not.
I have an ASA configured for IPSEC VPN. I am able to connect but once I connect, I can only ping the ASA, I cannot ping anything on the internal network. I have many subnets and VLANS. I want to VPN clients to be able to access to the VLAN 1, 2, & 3...
Hi guys,I got a problem accessing a 5512-X via ASDM as the return traffic is being dropped on the firewall but I can't work out why.I have a global permit enabled on the ASA, as well is permits in/out on the interface but the packet-tracer shows drop...
I was playing around with URL logging on an ASA 5510 the other day. Pretty neat. But I was wondering if you could do a similar thing with DNS queries. I setup a regex to match anything and setup a class that referenced the regex. Then, I created a DN...
I recently upgraded a ASA 5510 from 8.2(1) to 9.1(4). I went the path of 8.2(1) to 8.4(6) to 9.1(4).Ever since, I have been getting the error %ASA-0-106100.The ACE referenced is access-list outside_acl line 4 extended permit udp any4 host 10.x.x.x eq...
I had dual isp configuration setup that was working fine in 9.3.1. Once the primary ISP line goes down, the second one would take over and once the Primary ISP line came back the Primary default route would be in place and everything worked fine, UNT...
Hi all!Is it possible to configure ISE 1.3 for provisioning AnyConnect 4.0 and pushing certificate (as by using native supplicant)? So, after that, AnyConnect will be able to use EAP-TLS and cert for network access.It will be great, if it is possible...
Hi all,How do i disable login to my cisco asa 5520 using only enable password via asdm? I like to enforce logging in to asdm using username and password. TIA!
Hi guys, I'm beating my head. I have this working perfectly at one site, and it won't work at another.Scenario:Site has a new external vendor coming in. Vendor has installed a router on the internal network going to 172.16.207.187/32 (on the other ...
I am looking for a way to filter out all SSL Downgrade attempts for traffic passing through my FWSMs and/or ASAs. This traffic (the request to downgrade to a weaker cipher) is sent in the clear so this should be filterable by a FW somehow. I found th...
Hello,I have a customer with power issues in DC and two ASA5585 in cluster. The problem is that when there is a power outage the ASA cluster power up but the member are disconnected of cluster and need join into the cluster manually by console connec...
I'm enabling 'webvpn' on an ASA firewall, and when I do this, it appears to open TCP/443 on the Outside Interface, to SRC=0.0.0.0. I'm lucky enough to know the SRC's of all my VPN customers, so I'd like to limit TCP/443 being visible to JUST them...
I have purchased Cisco ASA5512X firewall installed but now we want to purchase some additional feature subscription like - IPS , Antivirus and others . I want to question this model is supported additional subscription ?
Please evaluate if the signature (6322) Microsoft Windows Information Disclosure Signature is OK as it seems I am receiving lots of false positives alert.
I know there is a way to have context explorer display hostname's in Context Explorer. For example, in the 'Traffic by Source IP' part.Let me know if you need more information in what I am trying to do.TIA,Dan
