Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

Control Plane ACL for WebVPN

Hi some time ago we restricted access to our webvpn portal via the following aclaccess-list outside-control-plane remark Allow VPN Access From Officeaccess-list outside-control-plane extended permit object-group Net_Access object BCH_Man_Range anyacc...

Resolved! ASA 5512-X version 9.1 multiple contextes supported?

Hi All,could soumeone please let me know if on the ASA 5512-X virtual contexts are supported with version 9.1 ?I found different information on the Cisco web, the ASA datasheet says it is supported but in the configuration guide I found exactly the ...

object-group with network-object containing an IP address range

Hello,Does the ASA treat an object-group with a network-object containing a range of IP addresses as a netmask? For example, I can apply this configuration without the ASA throwing any errors though the configuration calls for a 'net mask':object-gro...

Resolved! ASA strange drops

Hi,We have an ASA with 8.4(5) version. we had detected that few ip's were getting shunned ,to overcome the problem no shun was used and the traffic normalised.But, the same problem re-occured a few days after that with logs showing traffic being shun...

Resolved! ASA 5505

I have an inherited ASA 5505 V09. It will not allow connection to the ASDM web page using the default IPaddress followed by /ADMIN. It does provide DHCP address assignment to connected devices. It does respond to the console connection using a ...

Multiple Public IP Addresses To Be Used For DMZ - ASA 5505 - IOS 8.4(2)

I'm trying to figure out how to forward an IP address to my DMZ servers allowing me to use the ACL to control access to the servers within my DMZ interface (LAN). I can't figure out if the ASA handles that automatically when a NAT rule is created, o...

Resolved! searching destination via ASDM, how with 8.3+??

When using ASDM with 8.2 and older code it was easy to search all ACLs based on destination IP by using the filter. With 8.3 and newer code (I'm testing 9.1) this is no longer the case since ACLs now use real IP. Is there anyway to search for the N...

5512 policy routing alternative?

From what I can find the ASA does not support policy routing so I'm stumped on this. I have two VLANS that need to go to the same destination but different routes. Anyway to accomplish this on the ASA?

Resolved! Updating ASA 8.2 to 8.4(5)

Could someone please give me a clear explanation on what is the feature option " Proxy ARP on egress interface" used for on the ASA? I'm about to upgrade a ASA from IOS 8.2(1) to 8.4(5) and I am trying to determine if it should be enabled or disabled...

Which ASA Software Version to Use?

A few questions:1. Is there a rhyme or reason on what is posted on CCO under the "Latest Releases" header? Right now, it has 9.0.2.ED, 8.4.5.ED and 8.2.5.ED listed (but not 9.1.1.ED). Instead, 9.1.1.ED is listed further below under "All Releases". ...

Alta disponibilidad entre un FortiGate 300C y un ASA5545

Hola que tal, un cliente requiere de un esquema en donde un ASA 5545 se pueda implementar con un FortiGate en una red para un esquema de alta disponibilidadAlguno de ustedes ha visto algo similar? Conocen de cuales serían los reque...

Checking traffic from ASA using ASDM

Hi everyone.I need to check if our ASA allows access to IP 192.168.x.x which is DNS server at remote site.I try the packet tracer and choose the interface and source and destination IP.What source and destination port i choose while using the AS...

ASA receiving two default routes to internet via OSPF

I am trying to test something for a client. If I have an ASA that receives two default routes to the internet via OSPF, will it load balance those connections? I have a feeling the answer is 'no.' If that is the case, would the ASA would be at lea...

Resolved! access-list still needed with the PAT

Hi,can anyone please let me know an if access-list is still needed with the following PAT entry on asa firewallstatic (Inside,Outside) tcp 77.x.x.x port1288 192.168.x.x port25 netmask 255.255.255.255Thanks,

Simple & fast firewall

Hi there,I want to connect a windows 7 machine (A) to a SLES server (B) located in a physically different location. However I don't want A to be reachable by any other machine.The only way I can see to do that is to put a hardware firewall in front o...

Network Security

Forum Posts

Firewall Migration Tool v7.0.0.1 now live!

Control Plane ACL for WebVPN

Resolved! ASA 5512-X version 9.1 multiple contextes supported?

object-group with network-object containing an IP address range

Resolved! ASA strange drops

Resolved! ASA 5505

Multiple Public IP Addresses To Be Used For DMZ - ASA 5505 - IOS 8.4(2)

Resolved! searching destination via ASDM, how with 8.3+??

5512 policy routing alternative?

Resolved! Updating ASA 8.2 to 8.4(5)

Which ASA Software Version to Use?

Alta disponibilidad entre un FortiGate 300C y un ASA5545

Checking traffic from ASA using ASDM

ASA receiving two default routes to internet via OSPF

Resolved! access-list still needed with the PAT

Simple & fast firewall

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Change IPS and AMP Policies to enforcement mode

FTD SSE Connector Service down

Problem with ssl decrypt-resign on Cisco Sefure Firewall

FTD reboots and the active firewall losts all of the User ID entries

ASA AD LDAP Authorization belonging to multiple groups

Migrate cisco FTD from series 2000 to series 3000

ACL on VTY Line Blocks All Connections

ASA Help With NAT for Printer

Does the FMT overwrite all FTD configuration if only selecting NAT

Can't ping from FTD managemnt to FMC