Network Security

Hi,I am getting alert on high discard rates on FW interfaces via a monitoring tool.  Just want to validate if the packets dropped by ACL's are also contributing to the high discard rate counter?  If this is the case what would be an acceptable thresh...

Hi ,We are using Cisco ASA 5550 with verison 8.0.5.We having below setup in our network Site 1                     Site 2                |                                |Fw -------> Metro ------> Int Fw ----Internet Setup - - Each site havin Cisco A...

hello to all members:-    i am trying to convert my old ASA ios config to new. could you guys review and let me know the convertion is look correct???oldaccess-list MGMTSOFTWARE_access_in extended permit tcp 192.168.3.0 255.255.255.0 host 10.0.9.5 eq...

Hello Everyone,I need configure destination NAT in my ASA 8.2 version only for a specific origin.Today, the network 10.84.25.0/24 access the web server with IP 172.17.3.150, i need nat the IP 172.17.3.150 to 10.96.202.10 only for 10.84.25.0/24 networ...

Hi Experts,I believe this everyone is doing OK and getting along with your are doing? I have this funny scenario that happened on ASA 8.4 I configured recently for DMZ static nat. See the topology attached. I did configure the inside with a PAT objec...

Hi All,I'm configuring the nat on a ASA5525 running on 9.1.2 and got 2 questions, 1. Is the below overlap warning message normal and will not cause any issue? 2. Is there a simple way on 8.3 and later to fulfill the same functionality like 8.2 and ea...

Hi,I would like to config "when host X on vlanX goes to a network that is across an ipsec tunnel, for which vlanX network is not in the encryption domains, translate host X address to that of the asa in a network that is part of the crypto domain".In...

Hi,I just managed to completely screw all our tunnels when trying to configure l2l to allow a remote peer with dynamic address to form a tunnel with me.I'm pretty confident that my dyn map kicked in on every tunnel, and then the phase 2 would fail be...

Hi everybody I am just trying to understand how Cisco's security products evolved so I can better understand themThese are some questions I have:1)  Before PIX came along, what Cisco product we  used and what security features we could implement with...

Hi Experts,My setup is as belowinside host--> ASA1--Outside interface- layer_ 2_Switch1--outside interface--> ASA2--inside interface-DHCP SERVER.We want that inside host should get ip from subnet 192.168.10.0 /24. This ip pool is configured in DHCP s...

HI everybody.I have few questions.policy-map type inspect PING class type inspect PING  inspect class class-default  pass1)What is the order of operation?  The" inspect"  action will apply only to class " PING" . The action " pass" will be applied to...