Network Security

ISR G2 IOS IPS Licensing

I have a 2921 with 15.1.(4) and security-k9 license.Do I still need a subscription license or is this covered under SmartNet?The Cisco Services for IPS on IOS document states at the top:Effective with Cisco IOS Release 15.1(4)M, this feature is not a...

Resolved! web server behind 5505

I have a web server behind my 5505 that I'd like to access from the outside of the 5505 (still within my home network though). Its running on port 3000. I made the changes but I have been unable to access my server from the outside. I do have an Airp...

restrictions on the number of lines in config

Hi all!Are there any restrictions on the number of lines in the ASA config?

Resolved! Two Asa Two Isp and Windows 2008 R2 Server

Hello Everybody ,If you can support my issue , I do appreciate a lot.First of all thanks a lot for your interest ..Here is my issue :I have two Isp Connection ( 1 metro Eth Connection and 1 Ghdsl Connection )1) Asa 5505 (Version 8.0(5)) is for the ...

NAT rule on ASA

I have a lan to lan vpn set up between two ASAs. There is a host im using for testing on one end, and a server on the other. The host is 10.0.0.10 and the server is 123.123.123.123 (ip is public. doesnt matter what the real one is). This server needs...

Resolved! Does "sysopt connection permit-vpn" bypass all interface ACLs?

A while back I changed my internal interface ACLs so we must explictly permit traffic between internal networks but still retain access to the internet. I chose to use an object group containing the three RFC1918 ranges to define the private networks...

What is the correct procedure to connect and collect events from IPS through SDEE

What is the correct procedure to connect and collect events from IPS through SDEE?We are a 3rd party application, that needs to collect and analyze the IPS events for a client.Currently the approach we are following is1) get a SubscriptionId using th...

Resolved! FTP inspection

Right now I have ftp inspection enabled on an asa 5510 (code version 8.2(5)), is it possible to disable that for just a specific interface or does it only a global command? Thanks in advance!--Ben

ASA 5510 priority queue

Hey Everyone:Just after some help with an ASA 5510 QoS config for our lab. Trying to set-up a priority queue for Voice and Video traffic, below is the current ASA config. The WAN link is 6mb, trying to limit the Internet traffic to 4mb and save 2mb f...

management iP

Hello,I am currently migrating a netscreen firewall to a cisco asa 5515 ver. 8.6The issue is setting up the management connectivity. basically the management IP of the cisco asa is not advertised. But, we want to route a management IP through the man...

FIREWALL SYNCHRONIZATION

ASA firewall failover not synchronizing... Here is the result of show failover. The configuration appears to be correct but we don’t understand why the devices are not syncing..ASA-EXTRANET# sh run failoverfailoverfailover lan unit primaryfailover la...

Anyconnect 3.0 automatic SBL with TND

Hi, I am evaluation the new Anyconnect 3.0 client against Microsoft DA. Everything looks good but I am wondering; Is it possible to have Anyconnect auto connect (based on TND) before user logon without the user activating the client manually?

Dual Site to Site VPN (IPV4 & IPV6)

I done some searching and can't come up with a definative answer any where so I'm going to ask the experts.We have an ASA 5520 in our home office, connected to the Internet via IPV4 and IPV6 and it's all working great, we fully support IPV4 and IPV6 ...

Resolved! ASA upgrade when not able wr to flash

Hi all, I have one issue. I have 2 ASA 5555 in failover, but based on TAC case in asa861-2-smp-k8.bin is bug, and cause to not able write anything on flash. Cisco recomeded to upgrade to 8.6(1)7. But how to do it if not able copy to flash? I need ze...

Resolved! Adding Global Deny Any Rule With Logging

Is there a simple way to add an explicit Deny Any Any rule (with logging enabled) globally applied to all interfaces (with the assumption it goes to the bottom of the Access-List)?

Network Security

Forum Posts

ISR G2 IOS IPS Licensing

Resolved! web server behind 5505

restrictions on the number of lines in config

Resolved! Two Asa Two Isp and Windows 2008 R2 Server

NAT rule on ASA

Resolved! Does "sysopt connection permit-vpn" bypass all interface ACLs?

What is the correct procedure to connect and collect events from IPS through SDEE

Resolved! FTP inspection

ASA 5510 priority queue

management iP

FIREWALL SYNCHRONIZATION

Anyconnect 3.0 automatic SBL with TND

Dual Site to Site VPN (IPV4 & IPV6)

Resolved! ASA upgrade when not able wr to flash

Resolved! Adding Global Deny Any Rule With Logging

Announcing the releae of Firewall Migration Tool Version 7.7.0.1

SNMP MIB oid to find the logical device information (FTD instances)

Cisco Firepower FTD with secure FMC : VXLAN

FMC: Automatic renew certificates?

Partial Success and Optimize ACL Feature with Firewall Migration Tool

how to change the syslog port in FMC

FMC DHCP Relay Agents doesn't show in the UI or allow any changes

Zone Based Firewall - single Zones over more than one interface.

Strange Issue of IP Getting Claimed by FTD's MAC Address

Stable FTD released version and fixed brute force attack