Network Security

Resolved! FWSM 2.3(5) and NAT CONTROL

Hi, I have a customer who is running FWSM version 2.3(5).I can see the show running-config all and I see a lot of nat exceptions (nat 0) but I don't find the nat-control command. I have two questions: 01) Someone knows if in the FWSM version 2.3(5) ...

ipsec vpn tunnel issue

I have a vpn tunnel that has been working but just recently stopped. I haven't made any changes on my end but I am not convinced that they haven't on the remote end. Here is what I get when doing a show crypto isakmp sa detail:6 IKE Peer: 1.1.1.1 ...

Resolved! ASA 5585-X Clustering error - ASA2(cfg-cluster)# cluster_ccp_make_rpc_call failed to clnt_call. msg is CCP_MSG_REGISTER, ret is RPC_SYSTEMERROR Cluster disable is performing cleanup..

Hello communityWe have configured our 5585-X SSP20 as in the following document:http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html#pgfId-1554629 Both ASAs are connected to our VSS - 6509Syste...

cisco asa firewall got hung up

Hi All,One of our Active firewall got hung up and didt get any console access. Then we rebooted the firewall, in order to find out what could have gone wrong, I collected the configuration and logs from the other firewall during the problem (i shut t...

Zone-Based Firewall and SIP protocol violation. Can anyone explain what Im missing on SIP inspection?

Hi all, We are trying to add SIP to our ZBF inspection. But rather than just adding match protocol SIP and seeing instant results, we get a protocol violation error on the firewall. Ive done some reading and most people claim that there was a bug in ...

ASA 5505 - Destination contains an invalid address 'outside-network'

Dear members,I'm trying to add a 'simple' rule for a resource internal to our network to be accessed from various external locations, I've added the rule under 'Access Rules' and entered the port required, it works fine if I leave 'Destination' to 'a...

ASA reverse NAT failure

I have a customer that has had issue with RDP. They try to RDP from 10.10.32.20 (LAN) to 10.1.2.248 (VPN external). I pulled the following from the logs:Jul 21 2015 12:54:08: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows...

ASA S2S VPN advice concerning NAT

Hi, We use the private space 10.0.0.0/8 for our corporate inside resources. One of our office has 10.29.0.0/16.We created a Site-2-site connection between 2 ASA between corporate network and office. This VPN works fine. From our corporate network we ...

Resolved! ZBF - Clarification

HI all, I am just seeking a bit of clarification with regards to Zonebased Firewalls (Cisco 1921)I have a ZBF with a number of internal Zones, non of these will need to talk between each other, I have an uplink to an upstream provider router that pro...

Resolved! identify ports between PCs

Hello GuysI need to identify ports between two PCs so that I can lock them down via ACL on ASA5512-x, the problem is how do I know what ports should be allowed and what should be denied? I am aware of 'netstat', but does it mean every single port on ...

Resolved! Filter SSH access to Cisco ASA from Internet

Hello,I have ASA 5520 with interface 'inside' in local network and interface 'outside' facing the internet.there are line ssh 192.168.0.0 255.255.0.0 inside for access to ASA from local network. And deny any any rule for incoming traffic on 'outside'...

Packet always hits Implicit deny/Packet dropped

I need help understanding the packet flow through an ASA and understanding packet tracer results. NAT Control is enabled on the ASA. Using ASDM, I updated an ACL on the ASA with the following: acl_1out line 1 permit udp host origination_host host d...

NAT AND ROUTING

Hi All,There is it... I've been fighting with an old school server admin for about 3 months now, and I came to conclusion to give up and do it his way... Just to make him!Anyways, there is the issue. Server admin guy has a few servers which I put i...

Resolved! Cisco ASA 5510 VER 8.2

Hello We have a cisco asa with internet working fine for inside users. We have set up a guest zone on the firewall. We are trying to allow users from the guest network to access the internet. What command do I have to set up on the firewall to a...

ASA 5545-X Multiple Context with BGP

Hi,I'm trying to figure out wheiter or not the new multiple context BGPv4 and BGPv6 feature works ok. I've not been able to find any related information on the Internet regarding people actually using this feature. Anyone any experience with this?Our...

Network Security

Forum Posts

Resolved! FWSM 2.3(5) and NAT CONTROL

ipsec vpn tunnel issue

Resolved! ASA 5585-X Clustering error - ASA2(cfg-cluster)# cluster_ccp_make_rpc_call failed to clnt_call. msg is CCP_MSG_REGISTER, ret is RPC_SYSTEMERROR Cluster disable is performing cleanup..

cisco asa firewall got hung up

Zone-Based Firewall and SIP protocol violation. Can anyone explain what Im missing on SIP inspection?

ASA 5505 - Destination contains an invalid address 'outside-network'

ASA reverse NAT failure

ASA S2S VPN advice concerning NAT

Resolved! ZBF - Clarification

Resolved! identify ports between PCs

Resolved! Filter SSH access to Cisco ASA from Internet

Packet always hits Implicit deny/Packet dropped

NAT AND ROUTING

Resolved! Cisco ASA 5510 VER 8.2

ASA 5545-X Multiple Context with BGP

pxGrid session subscription missing radius accounting session Id

Model Migration - 4110 Native to 4225 Instance S2S VPN Configs

ASA upgrade procedure on Hyper-V

Announcing the release of Firewall Migration Tool Version 7.7.10

CSCvx25052 - DOC: FTD Syslog messages 43000x missing from FMC

Upgrade 7.6 -> 7.7 stopped media and ftp, is inspection the culprit ??

SFDataCorrelator down on Standby FMC

Recovery of "admin" password in CIsco ASAv runnin on AWS

Cisco FMC Access control policy under default

AnyConnect MAC OSX exclude/include DNS not working