Network Security

Privilege level 15 to ASA cli administrator via Radius

Hello Friends!Is this supported yet on the ASA? I want to be able to have radius assign privilege levels to firewall cli administrators.Upon login, I'd like them to be immediately be placed into "enabled mode" (without needing to know the local enab...

Blocking/Shunning Hosts with Service Policy Rules

I have an ASA 5510 deployed and we are getting a tonne of port scanning traffic (who isn't these days) and ping traffic.The threat scanning thresholds seem a bit too high and was wondering if there is a way to use a Service Policy Rule to perform a S...

Resolved! Cisco 5510 Startup-Config copy

I copied a Cisco 5510 startup-config to an identical Cisco 5510.After copying through tftp, I executed a reload. Everything looks good. Line by line compare results are the same.The problem is I can no longer use ASDM or ssh to interface with Cisco...

Global ACL or Per-Interface ACL ?

Hello.What do you use or recommend to use on your ASA ? I've used for a long time, Per-Interface ACL but now global ACL are available.But what are the advantages of having everything in one ACL ? What do you recommend ?Thank you.Best Regards,Mathieu ...

How to block foreign countries?

Is there a simple way to block ip addresses by foreign countries? There is so many network addresses needs to be blocked, it seems it is not practical on the ASA. Can someone give me some suggestions on this?

SA540 - IPSEC

Dear Team,I have SA540 firewall with me, I am trying to enable a site-to-site VPN between Fortigate 50B and SA540. I am facing issues with the setup. Please say if any license is required for bringing uo the site to site IPSEC tunnel.Please find the ...

map drive from inside to outside thru pix 515

I am trying to connect to shared folder over the internet-using netbios. The traffic will be going from inside to outside. When I try to connect from windows client I get error 1920. Can anyone shed some light on how to create access lists to enable ...

On which interface should i open ports?

Hi!Got a case from a customer. They want me to open some ports so that one client can use some applications.The problem is, I am not sure on which interface i should open the ports. The customer have about 10 interfaces on the ASA. It's a client on t...

Resolved! ASA5505-50-BUN-K9 3DES license problem [Resolved]

Hi,I have ASA505 with 3DES disabled, i heard that i can have the 3DES license without fee, so i contacted cisco more than 10 times to have the license, and every time they send me the same licence as my parmanent base key: 5321ec6e 102e534b fc21e96c ...

Resolved! ASA from inside to published dmz host through external address

Hello,i need some help pls.I config asa to access web site(through public ip) that is published to dmz subnet from inside. Example:inside user host - 10.205.10.100ASA interfacesinside - 10.205.10.1dmz host - 192.168.200.20 outside published host ad...

Are the VPN clients free?

Hi thereSorry about this stupid question, but CISCO has just too many licenses, codes, contract/serial #...Each client needs a VPN client software installed.This would be the "CISCO AnyConnect VPN Client", right?It is the same for SSL and for IPSec?I...

Obsolete Signatures Inheritance IPS IOS 7

Hello all,I found that on older IPS IOS 5 is possible to inherit previously tuned signatures settings even if new signature update pack from Cisco is downloaded.Descriptipon of that how-to is available here.I'd like to know, if the same feature is av...

Signature for web scanning

Hi, i have webserver and i want to block scan for website using IPS ( any type of scan which reveals server infomoration).Is there any signature used, if not can i create custom signature (how i can do it)thankssssssssssss

ASA5520 (8.4.5) static PAT trouble

Hello everybody.I migrate from PIX515E(8.0.4) to ASA5520(8.4.5)I have this configuration on PIX515Estatic (ins10,INTERNET) tcp 10.1.15.5 5555 access-list POS_vpn_nsaccess-list POS_vpn_ns extended permit tcp host 10.1.21.6 eq 5555 192.168.0.0 255.255....

5520 CSC very bad HTTPS traffic

I have a TAC on this, but thought I would throw it out here too. We recently upgraded a 5520 to 8.4 code so HTTPS traffic can filter through the CSC. Well, it caused a major headache now in that it takes several attempts to pull up any https pages. ...

Network Security

Forum Posts

Privilege level 15 to ASA cli administrator via Radius

Blocking/Shunning Hosts with Service Policy Rules

Resolved! Cisco 5510 Startup-Config copy

Global ACL or Per-Interface ACL ?

How to block foreign countries?

SA540 - IPSEC

map drive from inside to outside thru pix 515

On which interface should i open ports?

Resolved! ASA5505-50-BUN-K9 3DES license problem [Resolved]

Resolved! ASA from inside to published dmz host through external address

Are the VPN clients free?

Obsolete Signatures Inheritance IPS IOS 7

Signature for web scanning

ASA5520 (8.4.5) static PAT trouble

5520 CSC very bad HTTPS traffic

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Anti-Malware Application condition CS

Disable IPS on Firepower 4120 for PSN/PCI Scans

What is taking place behind the installation process of Firepower 2120

Configuring OKTA SAML on FTD 7.2.5

Palo Alto to Cisco Migration Tool count_summary error

ISE Internal CA issued EAP-TLS auth fails after renewing EAP Auth cert

View hit count on FMC for FTD ACP's

How to bring up a port channel interface that was shut through cli

FMC100 migration to FMCv

firepower SSL policy cipher suite for default action