Network Security

Resolved! IDSM-2 Signature Updates from Cisco.com URL?

THE IDSM-2 IPS Sensor in my 6509 switch was not auto updating from version 6.1(1)E3 S297, so I manually updated it to 7.0(2)E4 S480. Unfortunately it still won't auto update from cisco.com and I think the url it is using is not correct. My IDSM-2 C...

Resolved! block icmp never work on ASA 8.6

hi all,i tried putting this on my ACLaccess-list outside_access_in line 1 extended deny icmp any any echo and write it on the flash.but still i can ping my ip address. my ASA version is 8.6.thanks for any comment you may add.

Cisco Security Manager eventing database

Hello Experts,Can anyone tell me where is the centrailised location for all the events which are comming from different devices are saved into CSM databse.can i be able to read events from them, or the whole database can be used to migrate to some ot...

Throughput issues in Cisco ASA 5510

For internet connectivity, we have a Cisco Firewall connected to a BGP router multihomed with 2 ISP. Attached the high level diagram for reference. We have noticed that the bandwidth usage over the primary connectivity is less than 5 % of the total 1...

Resolved! crypto isakmp key 6 {suppose to have some key}

Hi,Pls help on this,Have core router VPN MPLS and other router remotely,say site A,B,and c were all working fine,Router C failed to boot and decide to put other router 1841 the conf files from A,B,C are the same except on LAN and WAN intefaces,crypto...

Resolved! NAT with 8.6(1) ASA5515-X

I want to NAT only those nets which are deployed as opposed to a'nat (inside) 1 0 0' as in IOS 8.2 for example.So I have possibly two choices.I can create a network object-group with my INSIDE NETS and add to it as I expand the IP usage.!object-group...

ASA multi-context Throughput

Hi,How do i measure the total throughput going via 5585-X.It has the firewall througput of 5Gbps. Looking at aggregate of all the interfaces traffic going through it seems about 4gbps is going through.I use show traffic command and add up the trasmit...

ASA 5585 , certificate issue

Hi All,I am trying to enroll a root certificate to the box , it is throwing me an errorINFO: Certificate has the following attributes:Fingerprint: 84e3260b cee31ca9 33dab4cd 770e30b6 Do you accept this certificate? [yes/no]: yes% Error in saving ...

Resolved! ASA and statefull filtering

Hi everyone,I read that ASA by default do statefull filtering for TCP and UDP packets.If user access internet website then return traffic is allowed from the internet.Curious to know what config in ASA allows statefull filtering ?Or does ASA suppor...

Resolved! ASA 5525-X code 8.6.1 downgrade

Can I downgrade the firewall code to 8.0, it's running 8.6.1 right now.

All Traffic Move via FWSM(Tranparent Mode)

Dear Experts,As I am planning to deploy FWSM Module in 6513 chassis and need your valuable comments regarding the strategy that I create for this deployment.Initially (Without FWSM Deployment) all internal traffic moves in this manner.7613(G9/5) --> ...

Resolved! Need to allow ping to switch connected to DMZ from outside

Hi everyone,Current config from ASA allows telnet to switch which is connected to DMZ of ASA from outside connection of ASA.IS there any way that i can also allow ping to this switch from outside at the same time.Can ping and telnet work at same ti...

NAT Question

I have a dynamic nat below that allows web traffic from specified networks in group Inside-ext to be nated to a single address below :-nat (inside,outside) source dynamic Inside-ext obj-10.50.50.1Is it possible to have multiple dynamic nat for other ...

[IPS-4260] IDM 6.0 doesn't start

I'm not able to start IDM on IPS-4260, i get this error message:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)......Caused by: java.io.EOFException:...

Resolved! Transparent FW and pinging to remote device

Hi everyone,I was reading about transparent FW it says Unlike a transparent switch, however, the device will not flood frames out interfaces for an unknown MAC address destination. Instead the ASA will respond with an ARP request for a directly conn...

Network Security

Forum Posts

Resolved! IDSM-2 Signature Updates from Cisco.com URL?

Resolved! block icmp never work on ASA 8.6

Cisco Security Manager eventing database

Throughput issues in Cisco ASA 5510

Resolved! crypto isakmp key 6 {suppose to have some key}

Resolved! NAT with 8.6(1) ASA5515-X

ASA multi-context Throughput

ASA 5585 , certificate issue

Resolved! ASA and statefull filtering

Resolved! ASA 5525-X code 8.6.1 downgrade

All Traffic Move via FWSM(Tranparent Mode)

Resolved! Need to allow ping to switch connected to DMZ from outside

NAT Question

[IPS-4260] IDM 6.0 doesn't start

Resolved! Transparent FW and pinging to remote device

about FTD-V

Unable to edit and save a text object

CSCwo71835 - The NAS-IP-Address attribute is missing

FMC API to get real time VPN/S2S tunnel and CPU/Memory perf metrics

Firepower 2130 -how to resolve plugin 70658 SSH Server CBC Mode Cipher

SSH with X509v3 certificates

FPR‑4145 EOL/EOS ?

Firepower 4125 - how to resolve plugin 157288,

Cisco FMC QoS filtered by application

Disable checking of SIP traffic on FTD via FMC