Network Security

Resolved! 106021: Deny TCP reverse path check from

Hi everyone, PC traffic ------Switch ----X int ASA-----y int ----server 172.31.50.55 I see below log when user try to access the server106021: Deny TCP reverse path check from 192.168.100.25 to 172.31.50.55 on interface X Does it mean that ASA did n...

Dynamic NAT for Server

HiI am new to firewalls and was wondering if this will work. I have an internal FTP server where we copy files to and they automatically get sent to an external suppliers FTP server who's network sits on a separate interface on our asa using a public...

Vulnerability on Cisco Products need the steps to fix

Need to know how to disable SSL V2,V3 and SSL RC4 and remove Poodle from sourcefire/Switch/ASA 550Switch: 3750Firewall: ASA 550Sourcefire: Model3D7110

TLS Diffie-Hellman Key Exchange Logjam Vulnerability

We have Cisco Security Manager 4.8 running on Windows Server 2008 R2, recently we have conducted a scan on the server, and the following vulnerability has been reported "TLS Diffie-Hellman Key Exchange Logjam Vulnerability". Note that we have exclud...

Standby FWSM module becoming Active

Hi Team, We have Two Switches 6509 as core for our one Customer and both the Switches have FWSM modules, as per architecture FWSM module of core-1 is active and FWSM module of Core-2 working as standby. We have scheduled Activity and conducted Powe...

Upgrading ASA

Hi, I have a scenario wherein I have a ASA 5520 configured as active/standby.Unfortunately I'm still running version 7.2 of the ASA, what I wanted to do is to upgrade to at least version 8.4.I know I can upgrade it with zero downtime, but my question...

Resolved! arp-permit-nonconnected issue with back to back firewalls

Good Morning, I have an issue similar to this, https://supportforums.cisco.com/discussion/11848306/arp-permit-nonconnected but is different in that the ISP has a firewall instead of a router in place.Connectivity between both firewalls (on a private ...

Resolved! ASA logging list config

Hi Everyone, On our ASA i see below configlogging list configuration level debugging class configlogging class config trap debugging Need to what is purpose of this config and where it will send log messages to? will this config send more logs to sy...

Unable to Telnet Port 465 to DMZ Server of Internet ASA

Topology: Internet Router-- Internet ASA --Fortigate Firewall-- Core Switch-- Data Center Switch-- Server(172.16.45.6)DMZ--(172.16.208.230) Problem:unable to telnet from Server(172.16.45.6) on port 465 to Internet ASA DMZ--(172.16.208.23...

ASA5525-X SSL Decryption

Hi ,I am new with dealing with Sourcefire , I have a question to ask , is 5525x platform with sourcefire module version 4.0.2 and Defense center 5.4.1 capable alone to decrypting the SSL traffic ? appreciating your help guys

Choosing the correct size ASA

Greetings, helping out a school district. Currently have an asa 5510 with advanced services and Trendmicro. Around 550 client PCs, no dmz, very little vpn, 100 mb Internet connection.Upgrading to possible 1gb Internet. More clients because of wire...

Resolved! FireSight and ISE User Identity Integration

We are wishing to migrate from CX/PRSM to FirePower/FireSight. I am researching feature parity. Today I use the CDA integration with ISE to passively capture the user identity of 802.1x wireless authenticated employees. The goal is to on demand produ...

Interactive Blocked Sites Allowing the Site Through

I created a web content rule underneath a policy that does an interactive block on certain web categories. I tested it last week and it worked as expected. I randomly did a test this morning while watching the real-time monitoring and it showed the a...

Resolved! NGIPS AMP

Hi We’re looking to use NGIPSv specifically the AMP portion to protect our network. We have 8 ESXi hosts managed under vSphere. We’d like to compare having the AMP endpoint on around 300 VMs against having a network AMP. Do we need to have a Fire...

Resolved! Setting CCP with ASA 5585X

APHA-ASA5585VPN# sh run | inc crypto pkiAPHA-ASA5585VPN# sh run | inc cryptocrypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmaccrypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmaccrypto ipsec ikev1 transform-set ESP-AES-128...

Network Security

Forum Posts

Resolved! 106021: Deny TCP reverse path check from

Dynamic NAT for Server

Vulnerability on Cisco Products need the steps to fix

TLS Diffie-Hellman Key Exchange Logjam Vulnerability

Standby FWSM module becoming Active

Upgrading ASA

Resolved! arp-permit-nonconnected issue with back to back firewalls

Resolved! ASA logging list config

Unable to Telnet Port 465 to DMZ Server of Internet ASA

ASA5525-X SSL Decryption

Choosing the correct size ASA

Resolved! FireSight and ISE User Identity Integration

Interactive Blocked Sites Allowing the Site Through

Resolved! NGIPS AMP

Resolved! Setting CCP with ASA 5585X

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

FMC - Failed to install rule update: Another Rule Update running

Hello, I have 3 questions about the FMC CLI, OCSCP and multiple certs

after FTD upgrade from 7.2.5.2 to 7.2.9 all snorts cpu are almost 100%

Hybrid Exchange/ SSL Decryption Error

FMC Unable to Join CSSM On-Prem

Cisco ASA RADIUS for SSH and LOCAL for Serial

9200和9300，通過管理口進行tacacs認證失敗，找不到原因

ASA Static Routing same IP with different subnet masks

General steps to migrade to a new Cisco Firepower hardware model

GeoLocation IP Package Download In 7.4.2 FMC