Network Security

I have a Cisco ASA 5550 and using ASDM 6.2.Opening the ASDM, in Firewall Dashboard, in Top 10 Access Rules, show the second rule with more hit: "interface X | source: any | Dest: any | Service: ip | Action: Permit.During the day, the hits increase an...

Hello,Does anyone knows how long are the IP-to-user mappings kept on the Cisco Context Directory Agent?Is there a setting that dictates for how long to keep these mappings if a user doesn't logoff? The scenario i have seen is that user lock their PCs...

I have been struggling to add commands to open ports to my access list.  They are needed for the alarm system and our voip.Below is my current one,  but not sure where to put in the requirements below in red. Realy need help fast as these services ar...

Hi All, Please correct me If I am wrong. I am upgrading from 8.0 to 8.4. One of my customer has nat rules in 8.0 as belowFor all the access lists for below they used permit ip any anynat (inside) 0 access-list xxxxxnat (outside) 0 access-list xxxx ou...

i'd like to change the outside address that my 5540 listens on for our ipsec vpn clients, where exactly do i change this?  perhaps in nat rules (tcp 1000?) we have a /29 and i'd like to replace our pix that is serving as our vpn and would love to reu...

Hi All,Recently observed constant high cpu in asa firewall with version 8.2.5 - 80% utilization. The process consuming more cpu is - tmatch compile thread around 60%. Do you recommend downgrade to 8.2.3 or is it an opened bug in the current version 8...

I have an ASA 5512 running asa915-smp-k8.bin I enter the following commands and get this error.FW-5512-ASA(config)# object network TCP_OWA_443FW-5512-ASA(config-network-object)# nat (inside,outside) static interface service tcp https httpsERROR: NAT ...

how to allow only HTTP traffic to a network at the ASA equipment Thanks for your help

Hello,I'm currently facing a problem in our environment, of which I'm not sure how to solve.There are 3 Firewalls:  "Customer" -----vpn------ "IT"------vpn------ "DC" There is a VPN tunnel between "Customer" and "IT" that is working. No NAT is used. ...

I want to PAT traffic from the remote sites after it arrives at the ASA from the site 2 site VPN and as it goes out the "inside" interface. See attached diagram.I want traffic from 192.168.90.0/24 to be PAT to 192.168.36.90 as it goes out the "inside...

Hi expert, i have cisco asa 5515-cx with software cx version 9.1.1 (1)  the problem is when i try to block facebook games but is not working. any solution for this regardsFirhan

I have 2 ASA'sOne in  production with a DMZ connection to a second one that I am using.(called lab)From within the LAB ASA I can ping to systems on the lab site and to the  internal interface on the production ASA.When I am on a Windows server in the...

Hi,Following ports required to access ESXI host via vSphere client from outside WAN.902 Incoming and outgoing TCP, outgoing UDP443, 903 Incoming TCPI have added IP NAT below on our Cisco 1800. Able to login to vSphere. however, unable to access virtu...

Hi,I am new to this field.Kindly suggest how to enable IP spoofing on ASA.Regards,MItesh Manwtakar