Network Security

DNS redirect on a ASA5505

I want to make it so if a user tries to use a different DNS server the request will be redirected to the one they should be using.I thought this might work but the ASA doesn't do PB routingip access-list extended transparent_dnspermit udp any any eq ...

Nat Help

HI there.I've had a request that i'd like to run past the group as i'm confused on how this may look / work.A client has asked us to setup a VPN to thier office but only allow the connection from one internal IP. Users would have to access this remot...

ASA Twice NAT (port translation) - 8.4 in depth

hi all,I have some issues with Twin PAT on ASA (8.4.2), there is sth I dont udnerstandFTP server is on the inside and client is in outside.I did sth like thisobject network NATED-11 host 20.20.20.11object network REAL-2 host 10.200.200.2object serv...

ASA object service

hello i'm little confused about argument "source" and "destination" behind object service protocal.here is simple example:ASA-FW01(config)# object service 3389 ASA-FW01(config-service-object)# service tcp ?service-object mode commands/options: dest...

ASA5510 Dual DMZ interfaces

Hi, I want to create a Dual DMZ in a ASA5510 however it is not like I used to in ASA5505 In ASA5505 I create a Outside, Inside and DMZ VLAN and there after add the interfaces into the VLAN.This way I can have two DMZ interfaces, but how do I do it in...

Getting internet access on an ASA5510

Hi,I see this is a popular one, but I can't see what I have done wrong.the set-up is: a DSL modem in half bridge (it does all the PPPoE connection) passes our static IP (55.167.x.x) to the ASA's outside interface ... (the modem has an IP of 192.168.1...

ASA 5510 - active/passive setup - active starts/persists dropping VPN/SSH connections until reload

Hey guys,We have 2 Cisco 5510's setup in active/passive firewall mode with both firewalls running ASA version 8.2(2)I've reviewed the syslogs and from one incident this morning the active/primary started giving 211001: Memory allocation Error, which ...

Resolved! ASDM cannot be loaded

Good morning.ASDM cannot be loaded. Click OK to exit ASDM. Server returned HTTP response code: 503 for URL:https://x.x.x.x/admin/exec/show+version/show+curpriv/perfmon+intervalHas anyone received this error before? I'm attempting to access the ASDM e...

ASA doesn't send traffic to IPS module

Hello friends,I've installed AIP-SSM module in ASA, configed it, but have no see alerts. What i have:ASA 5520 8.2AIP-SSM 7.0(2)E4ASA# sh service-policy ipsGlobal policy: Service-policy: global_policy Class-map: IPS_TRAFFIC-CLASS IPS: card s...

Resolved! IPS 4240 High Availability?

Hello there,Does 4240 work in HA mode?Or do I have to look at 4255 if I need them to work in HA mode?Kindly help me with this info..thanks in advance.Regards,Ram

IDSM-2 , Account locked

hi,we have an IDSM-2 module. i disable default cisco account on it. and create another administrator account. but this account has been locked because of 3 times failure login. i dont know what should i do for unlocking the account and login to modul...

Resolved! bi-directional nat ok, tcp failing

For the life of me I can't get his one working. Public IP range is 1.1.1.128 255.255.255.128 and internal networks are 10.1.3.0 /24 (servers) and 10.1.7.0 /24 (clients). I have a static NAT translation so outside users can access an internal web serv...

Cannot connect between two DMZs on ASA 5505

Hi - I'm trying to connect to something through an ASA.My traffic is coming in on a DMZ interface (security level 0) and going to something on a DMZ3 interface (security level 50).From the GUI I configured NAT exemption from the source network (on DM...

ASA: UDP Flow: Silent Packet Drop after a Week (Bacnet/IP)...

Here is the setup: Cisco ASA 5510 (Security Plus) 7.2(3) connected in a hub-and-spoke setup in IPSec site-to-site VPN with 5 sites, each one with Cisco 877 routers. The sites have HVAC equipments connected to them talking Bacnet/IP. The central si...

UDP Packet attack - IPS detection

Hi,I have been having logs for Access-lists configured on an interface on my 6509. Can anyone advise please if I am understanding it correct that IP10.61.64.202 is responsible for bursting attacks on udp port. Many thanks in advance for providing ins...

Network Security

Forum Posts

DNS redirect on a ASA5505

Nat Help

ASA Twice NAT (port translation) - 8.4 in depth

ASA object service

ASA5510 Dual DMZ interfaces

Getting internet access on an ASA5510

ASA 5510 - active/passive setup - active starts/persists dropping VPN/SSH connections until reload

Resolved! ASDM cannot be loaded

ASA doesn't send traffic to IPS module

Resolved! IPS 4240 High Availability?

IDSM-2 , Account locked

Resolved! bi-directional nat ok, tcp failing

Cannot connect between two DMZs on ASA 5505

ASA: UDP Flow: Silent Packet Drop after a Week (Bacnet/IP)...

UDP Packet attack - IPS detection

Get ready! Great things are coming to Cisco Community

How Cisco TAC is transforming documentation and self-service

Congratulations to the July 2022 Spotlight Award winners!

Cisco FTD 1010 how to use FDM with HTTP Response Page for Blocked URLs

Change FMC managed FTD Access Control Policy assignment via CLI

How to install ISE application through vKVM after firmware v. 4.1

Cisco Firepower 1120 Upgrade to 7.2.x makes VLAN not work

CSM_MANAGEMENT_CRED_username-xxx password xxxx 15Error

Redistribute default route in ospf in FTD

ISE-PIC and FMC

Health Module of FTD disable FTDversion 6.6.1

IPSEC Tunnel between Cisco FTD and Umbrella SIG

ASA5516-x unable to set TLSv1.2