Hello,I am having this strange issue with the HTTP traffic passing through the firewall. There is no any policies configured on the CX module for web or application filtering however when I reload the CX module, the traffic is being allowed through t...
Hi,I have configured 10 interface vlan on my cisco core switch 6509.However I want my users SSH it on management IP only. SSH access on other IP (defined for each interface vlan) should be blocked by switch.Kindly suggest how to configure this.Thanks...
I have to install an ASR1001 on the internet for my company. I noticed the ASR1001 has a dedicated managment port and I was wondering if it's a security risk to have this mangment port directly connected to my LAN, so I can mange it from my desk.I o...
Hello,I see that with threat-detection enabled and configured, I can use the "threat-detection scanning-threat shun duration [time in seconds]" to shun IPs that are scanning for open ports.Is there a way to shun syn-attacks that I have a threshold se...
Trying to setup dynamic access policy to restrict some users from being able to get on VPN. Our default policy allows everybody on VPN, we just need to exclude a small number of contractors. I created an AD group called NoVPN & put a new test user in...
Hi I have a question on management of ASA confifigured with ASA failover. I dont understand why the management ips on both ASA need to be on the same subnet and why management configuration should be part of the configuration synchronization between ...
I have a requirement to use a prefix list on an ASA (8.4.3) to redistribute selected static routes into OSPF. I can do this on ASDM but when CSM (4.2) discovers the policies it identifies the prefix-list as an unsupported feature. Then when I come ...
Wanted to check few things while I'm on the planning of migrating ASA5510 to 5515-X. my questions are:1- on the ASA 5510 I do hace security+ license, on the ASA5515x will it come with that license included or do I have to buy it separate.2- on the ...
Dear Members, I have received a query from one of our clients and they are insterested in replacing CISCO2911-SEC/K9 with ASA5512-X.They are not running any voice services on the exisitng router. Please suggest me if this replacement will be possible...
Hi, please help me to resolve the issue. i have created a DMZ Zone Network with public IP Addresses.i have created Identity nat for DMZ Network access the internet. The server in the DMZ Is accessable from Internet.To ac...
Hi Cisco Expert, Is there a signature that can detect sniffing of clear text data like password.E.g sniffing on HTTP and FTP applications. Regards,Jhun
I want to capture a copy of my running config on my 5510 ASA v8.4(1). I know I can do this in the ASDM - tools-backup conf- but my question is can I do this backup on my ASA that is in production without causing issues or interruptions to my product...
Hello all, about to go through a penetration test and was wondering if there was a checklist of things to do to tighten down an ASA as much as possible. Something like 1) turn off this service 2) Set this to that. etc. I know every environment is...
Been pasting config from old 5520 - 8.4(7) to 5545 - 9.1(1) and some commands are not takinf. Could anyone give me some insight as to why? There are more but I thought I would start with these.Thank you*****crypto ca trustpoint ASDM_TrustPoint5 enr...
