Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

IP/Port information gathering for new Firewall

Hi,Can anyone suggest some options to gather traffic flow information for a network to build new firewall rules. Some applications have been running for long time and people who set it up have moved. The Netflow data is huge. I am only interested in...

Resolved! Is SSH port 22 both directions?

It is amazing how hard it is to find an answer to this question. Even searching for "port" and "22" in the various RFC's for SSH didn't give me an answer. I am trying to find out is if SSH sends on port 22 from the SSH client. I know the SSH serve...

inspect on firewall

Scenario 1On new firewall following inspect command are as follows.Assume there is no access-list on firewall..so now all the traffic related to below protocols will be allowed to flow from inside to outside as well as outside to inside. inspect dns...

Resolved! NAT Address range different to Public

HiWe have a new ASA box in place with a Private, DMZ and Public card which routes out to the Internet fine and everything is currently working as it should.I am trying to setup the NAT part, yet the range we have been given is on a different subnet t...

ASA phone proxy after failover problem

Dear all,i have a problem with my asa phone proxyi have two ASA 5520 in HA. I have 10 phone register with ASA active primary.if i execute the command show phone-proxy secure-sessioni can see the phone session on the ASA.if i perform the same co...

Access to network

Referring to the diagram, Switch_2 was not there and communication between private networks was working fine. I added Switch_2 (a layer 2 switch) to the network to extend the business network and lost communication in Site_2 private network. We have ...

doubt with ASA log

Hello all,I'm receiving this flood line like below in my log, look:Dec 3 16:05:00 10.11.2.2 %ASA-6-106015: Deny TCP (no connection) from 172.19.2.50/54429 to 10.11.5.20/5666 flags PSH ACK on interface inside When I'm in 172.19.2.5...

IPSec VPN traffic issue

I have a site to site VPN configured on a asa5505. The tunnel is up and the interesting traffic is successfully being encrypted. The issue is that when inbound traffic originating from a subnet outside of the encrypted range destin to the subnet with...

Resolved! ASA 5505 - Hairpinning or simple ACL/NAT entry?

I've attached a document showing how this network is designed. A client on a guest vlan behind the ASA, nat'd to one address on the public subnet, needs to be able to get out to the internet, and still come back in for specific services, such as OWA,...

Resolved! License with anyconnect on asa 5520

Dear All,We have a single ASA 5510 with version 7.2 (3) in our network and configured many IPSEC site to site, IPSEC - remote access vpn and webvpn with SSL. Everything is working well.ASA-5510# sh ver Cisco Adaptive Security Appliance Software Ver...

AIM-IPS password reset

I am following the password reset procedure for the AIM-IPS module in a 2811 Router.I enter the commnd "service-module ids-sensor 0/1 reset" after I suspended a session, then i return to the session, but the only think there is the username prompt...

Resolved! file system check recs on new ASAs

Just curious if anyone knows why I'd be seeing these on a new ASAs. The last two I received had these fsck records:f-monona-1# sh flash--#-- --length-- -----date/time------ path 182 16275456 Dec 13 2010 16:46:02 asa821-k8.bin 223 15962112 ...

Question on NAT 2 Private IP Addresses...

Guys- Question, If I have 2 Private IP Address and I want them to be NAT'd to the same IP address on the way out (specifically for 25 ports) - how can/is the correct way of doing this?This is what I am thinking, but I feel like I am wrong:Policy NAT...

Blocking out bound port 80 traffic using ASDM on ASA 5510

Hello, I am attempting to block outbound traffic for a specific PC on my LAN using the ASDM.. any advice is appreciated. Thanks.

migrate from pix515e ios 8.0.4 to asa5520 ios 8.4.5

Hello everybody.We want migrate our network from pix515e to asa5520.Access rules is same on both devices.When we change default gateway from ip address pix to ip address asa, we get assimetric traffic and both devices drops tcp packets.On asa 5520 we...

Network Security

Forum Posts

Firewall Migration Tool v7.0.0.1 now live!

IP/Port information gathering for new Firewall

Resolved! Is SSH port 22 both directions?

inspect on firewall

Resolved! NAT Address range different to Public

ASA phone proxy after failover problem

Access to network

doubt with ASA log

IPSec VPN traffic issue

Resolved! ASA 5505 - Hairpinning or simple ACL/NAT entry?

Resolved! License with anyconnect on asa 5520

AIM-IPS password reset

Resolved! file system check recs on new ASAs

Question on NAT 2 Private IP Addresses...

Blocking out bound port 80 traffic using ASDM on ASA 5510

migrate from pix515e ios 8.0.4 to asa5520 ios 8.4.5

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

FMC CDO vs. vFMC

FTD SSE Connector Service down

Problem with ssl decrypt-resign on Cisco Sefure Firewall

FTD reboots and the active firewall losts all of the User ID entries

ASA AD LDAP Authorization belonging to multiple groups

Packet tracer fails ASA 1150 Firepower

FTD Migraton Uisng FMC

Cisco 2130 Virtual Firewall Contexts firmware

Using FlexConfig to change default command (no sysopt noproxyarp) rule

Trying to enable AnyConnect Alias