Network Security

Resolved! Cisco ASA Port vs Object in Access Ruloes

HiThis might be an easy one but just confuses me slightly as I am just starting out configuring asa firewalls. When configuring an access rule, what different does it make for the source, if I choose the INSIDE interface or an object group which defi...

NAT Issue ASA 9.1

Hi Experts,Please help me on this, I have upgraded my cisco asa from 8.2 to 9.1 version. I know that cisco made huge changes in NAT configuration. The firewall 8.2 is configured with lots static PAT and dynamic PAT lines. Now I am going to convert t...

Resolved! Cisco ASA 5505 Failover issue..

Hi, I am having two firewalls (cisco ASA 5505) which is configured as active/standby Mode.It was running smoothly for more than an year,but last week the secondary firewall got failed and It made my whole network down.then I just removed the connecti...

Web filtering

hi all,currently, we're doing web filtering (on layer 3) via open dns cloud service.i know we can do regex and use a CX module.is there any other ways (or option) to do web filtering/DPI on the application layer with a NGN 5500-X firewall?http://www....

Resolved! NAT ASA from 8.2 to 9.1

Hi Guys I am after a bit of advice on Static NAT changes. I have just been asked to upgrade an old ASA in a company. T he old rules are (there are rules for translation both ways in the ASA, and a lot of them) (IPs have been changed)static (inside,ou...

Resolved! ASA5505 with anyconnect essential license cannot pair

Hello,I have two ASA5505 with security plus license.The two ASAs are identical apart from ANYCONNECT ESSENTIAL license which is enabled only in one of the firewall.When I try to configure failover i get the following message:" Mate's license (AnyConn...

Cisco IOS Local URL filtering - 12.4 advsecurity

Hi all,Im encauntering a problem on adding URL domain to block . Below is my configclass-map match-any URL_LIST match protocol http host *youtube.com match protocol http host *facebook.com ******** total 24 "match protocol http" command here ***...

netflow from ASA

hi,I am having trouble receiving flows from ASA. There is no flow information on the netflow collector (Scrutinizer) and the only information it shows about ASA is its availability. I am using below config: access-list global_NF extended permit ip an...

Cannot Get Static NAT Working

I'm prepping to put a 5545-X in to replace a 5505. The 5505 was running pre-8.3, and our new one is running 9.1. I have been trying to do the most basic thing I thought possible (statically NAT'ing an internal server) and have had zero success. Can s...

Traffic Between INSIDE and DMZ Cisco ASA

I need to be able to ping a DMZ host from an INSIDE host and visa versa. I have tried configuring a static nat as follows static (INSIDE,DMZ) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 I created an access-list called EXEMPT which permits any...

FirePower Services

Hi , I am fairly new to the Firepower services, I am currently ordering equipment for a client, namely 2x 5516-FPWR-Bun Firewalls, I just want to confirm 2 things, Do I need a FirePower IPS Licence (L-ASA5515-TA) per device? and secondly do I only n...

Resolved! ACE ordering

Hi, I have a really long access list that has the following 2 entries, in this order, contained in it:show ip access-list blah<output omitted> 1010 deny ip any 192.168.1.128 0.0.0.63 log (no matches)1200 permit tcp host 192.168.1.130 gt 1023 any e...

Denied ICMP type=0 ... : no matching session

Hi,I am unable to get a ping response from a host whose gateway address is the ASA and it’s configured on an another VLAN. Note that connect to the host on other protocols i.e. RDP, HTTP, 23 etc. Topology is something like this.My desktop is connect...

Configure one-way traffic on two ports

Hi,I have a ASA 5525 that connects to two networks - eg 10.10.10.0/24 and 11.11.11.0/24. Due to a requirement I need to configure port 0/0 for one-way out going traffic and 0/1 for one-way incoming traffic.My ASA ports will interface a BAE's data-dio...

Can't Find SKUs in CCW

Hi - I just can not find the following SKUs in CCW . Anyone can help with correct SKU and its replacement part numberDS-FIPS-KIT = REV-BOCisco4 labels and 0 shield per kit for ASA 5520ASA5585-X-FIPS-KITCisco8 labels and 1 shield per kit for ASA 5585

Network Security

Forum Posts

Resolved! Cisco ASA Port vs Object in Access Ruloes

NAT Issue ASA 9.1

Resolved! Cisco ASA 5505 Failover issue..

Web filtering

Resolved! NAT ASA from 8.2 to 9.1

Resolved! ASA5505 with anyconnect essential license cannot pair

Cisco IOS Local URL filtering - 12.4 advsecurity

netflow from ASA

Cannot Get Static NAT Working

Traffic Between INSIDE and DMZ Cisco ASA

FirePower Services

Resolved! ACE ordering

Denied ICMP type=0 ... : no matching session

Configure one-way traffic on two ports

Can't Find SKUs in CCW

Modifiying FTD instance on FTD3130

Upgrade 7.6 -> 7.7 stopped media and ftp, is inspection the culprit ??

Model Migration - 4110 Native to 4225 Instance S2S VPN Configs

ASA upgrade procedure on Hyper-V

Announcing the release of Firewall Migration Tool Version 7.7.10

Cisco FMC Access control policy under default

AnyConnect MAC OSX exclude/include DNS not working

FTD Migration Question

License Help For ASA5510

Firepower EOS 1120