Network Security

Resolved! NAT on 8.3+ question

I have an ASA running 8.4 code, and I need to do the following:Dynamic NAT on the outside interface for1 subnet2 different hosts on a different networkSo will something like this work?object network obj-192.168.20.10 host 192.168.20.10 nat (inside,ou...

ASA5510 Memory Upgrade 256MB to 1GB: Fail

Hello,I tried last night to upgrade the memory in my old 5510. It's about 5 years old and has the single memory socket. I followed the instruction included in the kit:Mfr. Part#: ASA5510-MEM-1GBI did wear an ESD wrist strap (genuine Cisco at that!) a...

Firewall Configuration Suggestion

I have 2 5585's that I want to install and connect to 2 different ISP's ( or in this case 2 different TLS connections to Verizon). I have no way of port channeling the two TLS connectons except at the ASA itself. The TLS connections are the the ins...

Diverting some traffic from the ASA's public IP, to the DMZ

Hey all, any ideas would be great.Scenario:ASA has outside interface with a public IP, say 1.1.1.1 (This IP is global natted so people can access the internet, etc)global (outside) 1 1.1.1.1I need to open up port 443 for a few external servers to hi...

Resolved! Multi-Tenant Firewall and Same-Security Subinterfaces IOS 9.0

Hello All,I'm so accustomed to < 8.3 and am having great difficulty getting an environment working properly so I'm now going to leverage the Cisco community!We are setting up a network with customers behind a pair of 5510s. All of these customers wi...

Mail and SMTP server settings of ASA Certificate Authority for cisco anyconnect VPN

Dear All,i have the folloing case :i am using ASA as Certificate authority for cisco anyconnect VPN users,the authentication happens based on the local database of the ASA,i want to issue a new certificate every 72 hours for the us...

ASA transparent mode bridge groups

Hello all,I have a question about ASAs in transparent mode with 9.1 software version.I have read that in the newer versions in transparent mode, you have to configure interfaces to belong to a bridge-group. Each bridge-group behaves independently fro...

Cisco NAC Agent stops working

Hello I need NAC agent in order to access the internet at my school. However, just today while I was browsing the internet I suddenly was redirected to the NAC page that asks me to login and download the agent. Now whenever I try to start up the agen...

Resolved! Source and destination ip under same interface of ASA

Hi Everyone,i was checking some rule on ASA to find specfic port open on the destination IP or not? and was given source and destination subnets.Object group network was used for this.Found that say we have interface Ciscosay interface of ASA is o...

access-group with "control-plane" in Cisco Pix/ASA

I have a Pix515 running version 8.0.4 and I have a hard time understanding access-group with "control-plane" option.As I understand it, "control-plane" is designed for traffics destined TO the firewall interface itself. If so, this is my configurati...

ASA5505 DMZ Configuration vs Linksys E4200 DMZ Configuration - Only one Public IP

I am using a Cisco E4200 router today but I am moving to a ASA5505. I have a device that sets up a VPN tunnel that I want to put in my DMZ. It's called the ATT Gateway. I have attached the diagram. When I use a Cisco E4200 all I do is put the ...

Cisco ASA UrlFiltering & Websense

Dear All;i have Cisco ASA 5550 and i want to do URL filtering using Websense sense,can i use Micorsoft Forefront TMG2010 as websense server to do that?the idea is to filter the HTTP & HTTPS URLs,if the Micorsoft Forefront TMG2010 ...

Cisco ASA Url filtering & Websense

Dear All;i have Cisco ASA 5550 and i want to do URL filtering using Websense sense,can i use Micorsoft Forefront TMG2010 as websense server to do that?the idea is to filter the HTTP & HTTPS URLs,if the Micorsoft Forefront TMG2010 is not suitable,ple...

threat-detection scanning-threat command

i find that ASA firewall can enable threat-detection to prevent syn flood attack, i am not sure is true or not, becuase i am not yet test this command.If that is right, what is the result with #threat-detection scanning-threat shun except 192.168.0.0...

Help with Expect command to change config on hundreds of ASA's.

Hi All,I'm looking for some help with the Expect command to automate some tasks, I'm certainly no programmer but I am struggling, here is an example of my script.#!/usr/bin/expect -f## This simple Expect script will add a new Syslog destination in# C...

Network Security

Forum Posts

Resolved! NAT on 8.3+ question

ASA5510 Memory Upgrade 256MB to 1GB: Fail

Firewall Configuration Suggestion

Diverting some traffic from the ASA's public IP, to the DMZ

Resolved! Multi-Tenant Firewall and Same-Security Subinterfaces IOS 9.0

Mail and SMTP server settings of ASA Certificate Authority for cisco anyconnect VPN

ASA transparent mode bridge groups

Cisco NAC Agent stops working

Resolved! Source and destination ip under same interface of ASA

access-group with "control-plane" in Cisco Pix/ASA

ASA5505 DMZ Configuration vs Linksys E4200 DMZ Configuration - Only one Public IP

Cisco ASA UrlFiltering & Websense

Cisco ASA Url filtering & Websense

threat-detection scanning-threat command

Help with Expect command to change config on hundreds of ASA's.

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

CSSM On-Prem with FTD on FMC

ASA5506-X SFR module always switches off after 10 minutes

Primary FTD looses connection to default gateway

ASA Cascading Contexts Example

eStreamer / EncoreCLI

ASA Pub IP NAT

Firewall blocking JW Player - Why?

FMC / FTD - Cisco Passive Identity Agent not working

FTDv\FMCv to replace MS ForeFront TMG

FMC configure FTD users