Network Security

NAT Issue ASA Version 9.0(1)

Hi,I am havning somw trouble in configuring NAT on intranet firewall. Below is my scenario and I would appreciate If any one can help me to resolve this issue. here is the my topology: DMZ Network - - - - - - - - - External Firewall - - - - - - ...

Resolved! Two separate address pools on the same interface?

I'm something of a routing novice so bear with me...We have an ASA 5510 and we also have two separate address pools which have been provided by our ISP. The addresses are not contiguous. Is there a way to configure an interface on the ASA to handle...

Help with Delta Values needed

Below is an example of the output from a “show access-list” command on the Cisco PIX/ASA.NDC-FW-01# show access-listaccess-list allow-in line 1 extended permit tcp any host <IP_1> eq www (hitcnt=186) 0x67305930access-list allow-in line 2 extended per...

Resolved! Comcast and Cisco ASA 5510

I have this problem and Comcast is not a help in resolving.We just changed over to Comcast Business and after changing the outside interface to new IP and setting static route.I have access to internet and everythig appears to be good,However asdm w...

VPN - Invalid SA protocol type: 0

Hi,Can one say why do below error occurs at IKE phase 1 negotation:[Cisco] [IKE] ERROR: Invalid SA protocol type: 0[Cisco] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. [Cisco] [IKE] ERROR: Phase 1 negotiation failed d...

Can't get to GUI on ASA via browser

Every time I type in https://192.168.1.1 into my web browser, it keeps giving me a "page cannot be displayed" error and it happens on any browser. I'm running Java 6 update 7. I could get on it before when I used it to download ASDM but for whatever ...

Resolved! License requirement for Zone-Based Firewall

I am looking to implement Zone-Based Firewall on some 2900 series routers (2911 and 2921.) Based on some research I've done it looks like the cisco2911-sec/k9 and cisco2921-sec/k9 bundles should be all I need. Is this correct, or is there some othe...

ASA 5505 Power Failures

Over the course of the past three days, our ASA 5505 firewall has shut down twice. I looked through the Field Notices and it looks like this was a problem identified several years ago that was resolved for units built after June 1...

recursive infinite Object NAT in ASA

Dear All,If i use the following config in ASA. what will happen..?object network inside_10 host 10.10.10.10 object network outide_192 host 192.192.192.1 object network inside_10 nat static outide_192 object network outide_192 nat static inside_10...

Resolved! NAT exempt for RFC1918 to RFC1918 traffic (VPN traffic) on ASA 8.4

Hi,I want to NAT exempt all traffic from inside interface with source address in "RFC1918" to any RFC1918 destination to be NAT exempted. Can I use all 3 IP ranges in one single Object and use as follows:!!object-group network RFC1918 network-object...

Segmentation of CLI users populations

Hi folks,I don't know if I writting on the right forum, excuse me for that, but I'll go straight to the point.I was assigned the task to allocate the CLI commands per user basis, and by now the only options that I seem to fou...

Resolved! ASA5510 internal flash requirement for IOS 8.2(5) upgrade

Currently my ASA5510 has a 64MB internal flash. Does the ASA require a higher capacity flash for an IOS upgrade from 7.2(x) to 8.2(x)? The Cisco Release Notes does not state any internal flash requirement, but just wanted to double check.

Configuration mismatch on Standby ASA

act# sh console-output Message #1 : Message #2 : Total SSMs found: 1Message #4 : Total NICs found: 7Message #5 : mcwa Message #6 : i82557 Ethernet at irq 11Message #7 : MAC: 442b.035d.3857Message #8 : mcwa Message #9 : i82557 Ethernet at irq 5Mess...

CISCO ASA 5510 source basing routing

Hi, all!several organizations wants to place their equipment and servers in my datacenter. They want to use the same resource - 10.3.1.5. I want to connect their servers and VPN-gates via my CISCO ASA 5510. When the organization was the only on ASA w...

Resolved! PAT limitation

Hi,I'm pretty sure the answer to this is that only one-to-one NAT will do, but in case I've missed a trick, please let me know. I have several internal devices that need to use PAT (due to limited global ip addresses) as shown below where incoming tc...

Network Security

Forum Posts

NAT Issue ASA Version 9.0(1)

Resolved! Two separate address pools on the same interface?

Help with Delta Values needed

Resolved! Comcast and Cisco ASA 5510

VPN - Invalid SA protocol type: 0

Can't get to GUI on ASA via browser

Resolved! License requirement for Zone-Based Firewall

ASA 5505 Power Failures

recursive infinite Object NAT in ASA

Resolved! NAT exempt for RFC1918 to RFC1918 traffic (VPN traffic) on ASA 8.4

Segmentation of CLI users populations

Resolved! ASA5510 internal flash requirement for IOS 8.2(5) upgrade

Configuration mismatch on Standby ASA

CISCO ASA 5510 source basing routing

Resolved! PAT limitation

Hearty congratulations to the December Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

FMC warning when trying to run a deploy [update failed/in-progress]

Change ASA Secondary device into Primary permanently

FTD manger by FDM and RADIUS authorize-only

Possible to send IoC events from FMC to SNMP/Email?

Anyconnect on Cisco 886 not working

"logging monitor debugging, logging buffered debugging..."

Firepower denying packets due to wrong category

ISE Configuration 802.1x

Anyconnect Profile

SSH Configuration , Outside Interface, Cisco Firepower 1100 Series