Dear all, to harden secure our PIX does it make sense to deploy a bridged F/W (pfSense, Astaro UTM ...) in front of the outside I/F of our PIX? Thanks in advance for any comment! Greetings, Rainer
If any of you have updated your Java recently, you may have noticed a warning saying that future versions won't support self-signed certificates. I've updated my Java run-time to version to 1.7.0_51 and suddenly the ASDM stopped working (unable to l...
We are so confused with the settings like per-client-max and conn-max in ASA. Here's our settings below for all tcp incoming to interface outside. Class-map: TCP_SYN Set connection policy: conn-max 60000 embryonic-conn-max 200 per-client-max 20...
Hi all,Some might know that I have been dealing with an issue where I cannot seem to get forwarded packets to reach their destinations behind an ASA 5510 that has a Cisco 2811 connected directly behind it. Some examples that work.I can SSH into the A...
I'm running into an issue where the IPS is not pingable from the gateway (switch) or internal network, but the IPS is able to ping other networks. For example:I had the ASA configured according to the Cisco recommendation of configuring the managemen...
Hi allWe have a setup where the firewall is the default gateway for all clients, the firewall then routes some traffic to a wan router, the router is on the same lan as the internal interface, so hairpinning effectivelyMy question is, the return traf...
Hi guys,I've configured call home on my ASA and am exporting using xml. Does anyone have any software (or other) recommendations to make reading the output a little easier!?Thank you.
Hello,Im french so sorry for my english , i will do my best to explain my question.Im actually working on Cisco PIX 501 ( for school ).I have to do some test on it , search what is able to do and how to proove it...My question is about Cisco ASA ( Ad...
Hi,When I try to deploy ZBFW rules to my router, CSM gives me the following error:%No specific protocol or access-group configured in class CSM_ZBF_CLASS_MAP_6 for inspection. All packets will be droppedCSM_ZBF_CLASS_MAP_6 It is also deploying strang...
Hello,I'm working on ASA migration from 8.2.5 to 9.1.2. When I try packet trace for static nat testing purpose from ASDM the destination address is not populated by nat ip but the real one. That happen only on a specific interface which is full of na...
We are in process of migrating to different ISP thus we have to change the Public IP Addresses.I have no issue changing inside and outside ip address but the servers in the DMZ are the issue.We want clients access the DMZ servers from new and current...
Hi guys,Strange NAT issue on my ASA 5512 (9.1). I have a site to site VPN set up between two sites and have configured multiple NAT exemption rules and a dynamic NAT rule, NAT'd traffic is for any traffic not exempt. Testing to the remote-network was...
On our ASA 5545 Cluster, Software Version 9.1(4), the Failover Tracking Interfaces show Unknown (Waiting). When the ethernet cable is pulled on one of the tracking interfaces of the active ASA, failover does not happen.ASA1# sh failoverFailover OnFa...
HiMy asa is sitting behind a router the next hop from the ASA to the router is 10.0.0.5 I have tried to change the default route to route DMZ 0 0 10.0.0.5 to no availability right now the default route is (S* 0.0.0.0 0.0.0.0 [1/0] via 172.16.8.20,...
