Network Security

Resolved! DMZ to outside Cisco ASA 5505

Hi, i have problem configuring DMZ to access outside.I'm not able to ping from DMZ network to DMZ interface (gateway) neither am i able to contact the internet with DMZ hostsI'm able to ping from LAN to LAN gateway (inspect ICMP service policy) inter...

Resolved! IPsec S2S VPN Encap/Decap

hi,i created a S2S VPN and the ASA2's internet connection isn't that good and some packet losses would be 'normal'.i'm not sure if that relates to the unequal encap/decaps on my 'sh crypto ipsec sa' output.is the below reading normal? ASA1: #pkt...

Resolved! ASA CX flow cache and timeout

I am doing some testing of access and identity policies and need to make sure that when I run a test of changes to the policies that I am seeing accurate results vs. getting inaccurate results due to the ASA still using active flow or cached settings...

Resolved! Purpose of inside_access_in permit ip any any

Hi All,Reviewing some firewalls from a company acquisition and moving to standardize configs with the existing firewalls. I see they've configured the following, and I fail to see it's purpose and hoping someone can provide some insight.These are 55...

Inspect on the inside or outside interface?

For IOS Firewall, which is better to inspect on the inside interface or the outside, it appears you can go wither way.

ASA 5505 ver 8.2(5) to ASA 5510 ver 9.0(2) NAT Problem

Brought up the 5505 today with a site to site VPN.The site to site tunnel is up and I have a constant ping on a machine inside the 5510 network(192.168.0.0/24) going out to the 172.16.100.0/24 on the 5505 network. I see the traffic leave the 5510 and...

Resolved! Identity NAT on 9.1

hi all,apologies for my NAT getting rusty, just a quick confirmation if my identity NAT below is correct: object network IDENTITY-NAT-OBJ host 111.203.23.1object network INSIDE-NET-OBJ host 111.203.23.1 nat (inside,outside) static IDENTITY-NAT-OBJ...

Adding existing license to new or existing Cisco ID (CCO ID)

In order to add the existing license to new CCO ID please follow the steps below: Login to License Registration portal with CCO ID and passwordClick on View Existing License Link, Click on "Add License" Select "Source Fire License Key" from the pull ...

Resolved! Web server: In Static NAT with PAT (Out with dynamic PAT) 8.2->8.3+

so in the "old" 8.2 ASA OS, I wanted something like this:static nat a few ports inbound for web and email traffic to an inside server (using outside IP2)allow this inside server (and all the other DMZ servers) to browse the internet with a global PAT...

Outdated OpenSSL package - does ASA have Open SSL ?

Hi All,On one of our firewalls we hosting a application/service which impacts clients and we recently conducted a Pen test, the external company doing the Pen test have advised us that there is a vulnerability relating to OpenSSL. We have checked the...

NAT syntax in 8.3+ ASA

So i understand the basic syntax for NATing a single internal network to an outside interface for allowing internet access. Something like below... object network NAT_INSIDE_NETS subnet 10.0.0.0 255.255.255.0object network NAT_INSIDE_NETS nat (ins...

Access Control List to block IP cameras

We have 2 IP camera in the computer room and we would like to use an acl to control http access to the individual IP addresses and only leave the access through the server. The server is on port 21. The Cameras are on an unmanaged switch hooked to t...

ASA 5520 throughput

Hello,we have 2 ASA 5520s (active/standby) which have a throughput of 450mbps and we have been hitting this recently and the CPU goes through the roof and I see overruns too.I've been using this method to gather the stats, but it is too manual and I ...

Bug CSCur94645

Hi, community! Bug CSCur94645 is related to incorrect packet generated by ASA, when you try to log in ASDM via RADIUS authentication.As it seen in bug description - it's fixed, but fixed releases include some strange one: 100.12(0.109)100.13(0.14)100...

Upgrade FWSM 4.0 to ASASM 9.1

We are getting ready to upgrade from a FWSM running 4.0x to an ASASM 9.1.5. I have run the migration tool and uploaded the config to startup and let it boot. I have seen several references to having the change access-lists to use the real IP not the ...

Network Security

Forum Posts

Resolved! DMZ to outside Cisco ASA 5505

Resolved! IPsec S2S VPN Encap/Decap

Resolved! ASA CX flow cache and timeout

Resolved! Purpose of inside_access_in permit ip any any

Inspect on the inside or outside interface?

ASA 5505 ver 8.2(5) to ASA 5510 ver 9.0(2) NAT Problem

Resolved! Identity NAT on 9.1

Adding existing license to new or existing Cisco ID (CCO ID)

Resolved! Web server: In Static NAT with PAT (Out with dynamic PAT) 8.2->8.3+

Outdated OpenSSL package - does ASA have Open SSL ?

NAT syntax in 8.3+ ASA

Access Control List to block IP cameras

ASA 5520 throughput

Bug CSCur94645

Upgrade FWSM 4.0 to ASASM 9.1

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

after FTD upgrade from 7.2.5.2 to 7.2.9 all snorts cpu are almost 100%

FMC Unable to Join CSSM On-Prem

Fixed: "show conn flow-rule qos" gives Syntax Error: Illegal parameter

ISA 3000 I/O contacts for red light kill switch ?

ERROR(567): No database files are available on Cisco Security Manager

ASA Static Routing same IP with different subnet masks

General steps to migrade to a new Cisco Firepower hardware model

GeoLocation IP Package Download In 7.4.2 FMC

FMC-ASA-SFR compatibility

FMCv Migration FMC2700