Network Security

Monitor pki certificate status via snmp

I recently discovered that a number of our remote sites could not connect to each other via dmvpn due to various certificate problems.They could all connect to our hubs due to pre shared keys, so the problem was never discovered before a colleague di...

ASA 9.1 No-NAT IP

Hi We currently have some ASA5510's running 8.2 and are planning to migrate to ASA5525's running 9.1 but have an issue when trying to upgrade the configuration in that it appears some routes we had are no longer supported so do not come over after th...

ASA 5550 issues

Dear all, I’ve configured 2 ASA 5550 active / standby (both with SFP module), they work very well when both of them are connected but as soon as I switch off one of them (to test the failover) then the running one tells me “ can’t find mate “ which i...

How to avoid swap of ASA Management IP addresses in case of failover ?

We have 2 ASA 5525X V9.1.2 in active/passive failover mode; they are managed via their M0/0 interfaceIs there a way to avoid that primary and secondary ASAs exchange their own IP addresses at time of failover ?the objective is to allow each ASA to be...

Resolved! ASA 5505 (8.2) DMZ to Inside - Howto

Hello,I'm Cisco ASA beginner who have Cisco ASA 5505 in his home. I just bought this because i want to learn more about Cisco CLI and im Cisco fan.My problem is strange, there is maybe a lack of knowledge, but this is my experience with Cisco for the...

ip nat pool no-overload prefix 22 (just starting out with the cisco training and wanted to know )

Above is the command ip nat pool no overload prefix 22 Does anyone know what the prefix 22 does and why it is added. I also and new at learning and currently studying and wanted to know any recommendations for taking the CCNA or CCNP and what onlin...

Trouble gettng TCP State bypass to function properly

I have a situation were we require asymmetrical routing. I have turned on TCP-State-Bypass and if I do a show conn I can see the connection with a B flagTCP OUTSIDE 10.10.20.15:1157 INSIDE 192.168.135.15:80, idle 0:00:12, bytes 564, flags UIOBHowever...

VPN logon vs AD logon

HelloI'm trying to implement identity firewall through ldap vpn authenticantion for machine which is not joined to the domain. I found that when I authenticate by vpn there are no logon event on DC (the username\password given at connection was only ...

Resolved! Cisco ASA Minor release upgrade

i can see in Zero down time upgrade you cant go from 7.0 to 7.2 directly. you need to go to 7.1 and then 7.2But if i dont care about down time. can i just upgrade my ASA from 7.0 to any 7.x?? will there be any issue?

ASA5505 licensed host limit of 10 exceeded

4Oct 17 201408:25:02450001199.255.120.168 Deny traffic for protocol 17 src inside:192.168.3.18/5077 dst outside:199.255.120.168/5090, licensed host limit of 10 exceeded. Can anyone give me some hints how my ASA5505 suddenly starts to deny traffic due...

Forward UDP 3290 through ASA5505

I need to forward UDP port 3290 from the outside of my network to any host on the inside interface.The application is a primitive voice protocol, whereby the client communicates to the server via TCP which port should be used for UDP communication. ...

ASA 5505/5510 Management Interface

Hi, Does anyone know a workaround to this limitation? (other than the "management-access" command for VPN connections) Management access to an interface other than the one from which you entered the ASA is not supported. For example, if your manageme...

Disable SSL v3 SSLv3 POODLE vulnerability on Cisco ACE appliance

Hi team, I am using Cisco ACE appliance (c4710ace-t1k9-mz.A5_2_2.bin) to offload SSL connection for one of our customer. i have perform the steps given on link https://tools.cisco.com/bugsearch/bug/CSCur27691 but still able to browse the webpage usin...

Resolved! ASA 5505 9.1 and NAT issues to single dynamic IP

Good afternoon everybody, a few days ago I tried setting up my ASA 5505 to allow access from the outside network to an Exchange server (ports HTTPS and SMTP) in my inside LAN.Everything seems to be working... until my outside IP address changes (for ...

Resolved! [SOLVED] Cisco ASA 5505 Deny UDP

Hello Everyone! I'm relatively new to Cisco ASA firewalls and I recently came across an issue which I wasn't able to google. I'm using 5505 with 8.2 firmware to act as a simple firewall for Asterisk. I'm having no problems doing the inbound calls - s...

Network Security

Forum Posts

Monitor pki certificate status via snmp

ASA 9.1 No-NAT IP

ASA 5550 issues

How to avoid swap of ASA Management IP addresses in case of failover ?

Resolved! ASA 5505 (8.2) DMZ to Inside - Howto

ip nat pool no-overload prefix 22 (just starting out with the cisco training and wanted to know )

Trouble gettng TCP State bypass to function properly

VPN logon vs AD logon

Resolved! Cisco ASA Minor release upgrade

ASA5505 licensed host limit of 10 exceeded

Forward UDP 3290 through ASA5505

ASA 5505/5510 Management Interface

Disable SSL v3 SSLv3 POODLE vulnerability on Cisco ACE appliance

Resolved! ASA 5505 9.1 and NAT issues to single dynamic IP

Resolved! [SOLVED] Cisco ASA 5505 Deny UDP

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

CSSM On-Prem with FTD on FMC

ASA5506-X SFR module always switches off after 10 minutes

Primary FTD looses connection to default gateway

ASA Cascading Contexts Example

eStreamer / EncoreCLI

school network

Problems pulishing webserver from FCM

ASA Pub IP NAT

Firewall blocking JW Player - Why?

FMC / FTD - Cisco Passive Identity Agent not working