Network Security

Résolu! Unable to update Antivirus pattern from Cisco CSC SSM

I have a Cisco ASA 5520, with Cisco ASA-SSM-CSC-10-K9. ASA version 8.4.3. Since two days ago, automatic anti-virus pattern update for Cisco CSC SSM failed, error message as below:AntiVirusPattern : Pattern Update: The download file was unsuccessful f...

Résolu! No output for show sip in ASA5515?

Hi, At the firewall ASA5515 I see that sip packets are being inspected but the 'show sip' command gives 0 output.Below is the output Result of the command: "show service-policy inspect sip"Global policy: Service-policy: global_policy Class-map: ...

asa 5545 A/S failover: sync of config to standby fails

Hi,We have an issue with active standby failover synchronization in the two ASA 5545 9.1 versions:The synchronization does not happen to the standby unit.Are there known issues?After removing and connecting them directly by a utp cable (including a p...

ISE 1.2 customizing guestportal

We are using the ISE 1.2 for a classic wireless guest management solution. all works fine. now we want to customize the guestportal. At that point we are running into an issue. According to the ISE Config Guide we generated the html files: aup.html, ...

Résolu! pix nat problem

Hi Guysive created a policy nat on a pix 515E.Im trying to nat a group of ip's from the outside to a pat on the inside.I can see packets hitting a capture on the outside but nothing on an inside capture.As an example I want 10.1.1.1 to go through fro...

Cisco 891 and Stealth Firewall

How can I configure the Cisco 891 to have Stealth ports on the GRC Shields Up test ?https://www.grc.com/shieldsup

ASA blocks RPC TCP port 135 for intra-interface communication

I understand the fix to this problem with the "same-security-traffic permit intra-interface" command but I'm curious if anyone knows the reason behind by RPC on tcp/135 would need to consult the ASA for a host on the same subnet? The ASA is the gatew...

Does Cisco ASA 5510 support dual WAN (Dual ISP)

HI ALL Does Cisco ASA 5510 support dual WAN (Dual ISP). Active / Active or Active / Standby? Hugo

How to configure PAT AND DESTINATION ADDRESS TRANSLATION ON ASA 8.3>

Hey Guys,Please check my below configuration commands on asa 8.3>Question 1 : i want to send inside/dmz1/dmz3 internet traffic using firewall interface by PAT , please confirmif the following commands are correct?I. nat (any,outside) source dynamic ...

Résolu! ASA multiple context pre routing

Hello, I am trying to understand all of my options for routing to two different ASA's in active/active mode, which requires multiple context mode. I have an existing 4500E switch behind a single ASA 5520 right now, and the default gateway that the 45...

DNS attack vectors.(asa log - Deny inbound UDP due to DNS response)

One of the logs I see daily is something that looks like this. "Deny inbound UDP from 115.230.124.3/53 to 12.52.478.5/2713 due to DNS Response. Googling that log tells you that it is an ASA prevention method that shuts down that flow as soon as one ...

Can I create custom OID extensions or import new MIBs to my Cisco IOS router?

I have routers with the c7200-ik9s-mz.124-25c.bin image. I would like to expose firewall rules via an OID, but it didn't seem like there were any pre-installed MIBs which exposed that information. Would it be possible to import a new MIB (IP-ACCESS-L...

From URI issues with ASA SIP Inspection and NAT

Hi,Does anybody have a working configuration from an ASA running release 8.4.7 or 9.1.5 where the From header URI is correctly NAT'd calling from inside to outside?We were originally running 8.4.6 and none of outgoing header URIs were NAT'd. After up...

Can I Use an ASA5512-SSD120-K9 as Firewall Only and Purchase CX Licenses Later?

Hello,I'm thinking of purchasing a new ASA 5512-x, part number ASA5512-SSD120-K9 and just using it as a plain firewall (as if it was part number ASA5512-K9) and purchase the CX license(s) at a later date when funds are available. Is there any reason ...

Default HTTP inspection map

Hi guys.When configuring Inspect HTTP there is an option to use Default HTTP Inspection Map.Its used here as an example on the documentation;From the Select HTTP Inspect Map window, check the radio button next to Use the Default HTTP inspection map. ...

Network Security

Messages de Forum

Résolu! Unable to update Antivirus pattern from Cisco CSC SSM

Résolu! No output for show sip in ASA5515?

asa 5545 A/S failover: sync of config to standby fails

ISE 1.2 customizing guestportal

Résolu! pix nat problem

Cisco 891 and Stealth Firewall

ASA blocks RPC TCP port 135 for intra-interface communication

Does Cisco ASA 5510 support dual WAN (Dual ISP)

How to configure PAT AND DESTINATION ADDRESS TRANSLATION ON ASA 8.3>

Résolu! ASA multiple context pre routing

DNS attack vectors.(asa log - Deny inbound UDP due to DNS response)

Can I create custom OID extensions or import new MIBs to my Cisco IOS router?

From URI issues with ASA SIP Inspection and NAT

Can I Use an ASA5512-SSD120-K9 as Firewall Only and Purchase CX Licenses Later?

Default HTTP inspection map

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

Knowledge Hub: Cisco Technology for Securing the Enterprise

Announcing Resources That Guide You to Success

Attack Risk & Netwoork risk Report FMC

configure SNMP inform retry and duration on FMC

FMC doesn't show all SGTs in Connection Log and Unified Events

exercicio

Cisco FTD portscan

FTD integration with Cdo

N3548 ecounter OpenSSH < 9.6 Multiple Vulnerabilities

FMC HA between VM and AWS

FTD and DDNS

Can FMC running on 7.2.5 support FTD running on 7.2.8?