Network Security

Are the VPN clients free?

Hi thereSorry about this stupid question, but CISCO has just too many licenses, codes, contract/serial #...Each client needs a VPN client software installed.This would be the "CISCO AnyConnect VPN Client", right?It is the same for SSL and for IPSec?I...

Obsolete Signatures Inheritance IPS IOS 7

Hello all,I found that on older IPS IOS 5 is possible to inherit previously tuned signatures settings even if new signature update pack from Cisco is downloaded.Descriptipon of that how-to is available here.I'd like to know, if the same feature is av...

Signature for web scanning

Hi, i have webserver and i want to block scan for website using IPS ( any type of scan which reveals server infomoration).Is there any signature used, if not can i create custom signature (how i can do it)thankssssssssssss

ASA5520 (8.4.5) static PAT trouble

Hello everybody.I migrate from PIX515E(8.0.4) to ASA5520(8.4.5)I have this configuration on PIX515Estatic (ins10,INTERNET) tcp 10.1.15.5 5555 access-list POS_vpn_nsaccess-list POS_vpn_ns extended permit tcp host 10.1.21.6 eq 5555 192.168.0.0 255.255....

5520 CSC very bad HTTPS traffic

I have a TAC on this, but thought I would throw it out here too. We recently upgraded a 5520 to 8.4 code so HTTPS traffic can filter through the CSC. Well, it caused a major headache now in that it takes several attempts to pull up any https pages. ...

can't connect to all sites outside from inside

Dear forum,For some reason there are some sites that I cannot access websites from inside interface.One such example is lxer.com where I am receiving this message in the browser:The connection has timed out The server at www.lxer.com is taki...

Trouble with NAT Rule for DMZ Webserver ASA5510

Hello all I am having a hell of a time with a NAT rule I am trying to set up for a webserver I want to place into my DMZ. I have created a NAT rule and added the appropriate access rules but I am still unable to hit my webserver from the internet.I d...

Cisco 5510 Remote Access VPN

Hi.I have a Cisco 5510 which has remote access VPN configured.Now I have new block of IP address, is there a way I can just change the outside interface IP so that people can remote in without doing anythng else?Or if I coulds be taught to create a n...

Resolved! sysopt connection tcpmss and MTU of 9216

Hi AllWe have a new ASA5585 as an internal firewall that will slowly replace our aging FWSM. For optimum performance it was adviced on the FWSM to set sysopt connection tcpmss to 0, even though using MTU of 1500. On the new ASA are we now going to en...

Support of Jumbo frames on ASA 5500 Firewall Appliance?

Can any ASA 5500 in particular the ASA5510 firewall support jumbo frames (i.e. greater than the default standard 1500 Bytes frames)?. I plan to use the ASAs to setup a point-to-point IPSec tunnel and need an Application frame of 4Kbytes intact and no...

ASA and Jumbo frames

Does the ASA support jumbo frames?

Resolved! NAT/VPN traffic

Hi,I am trying to get my backup traffic from my Main office 172.28.0.18 Server to Remote office Server 192.168.100.3 via the Site-To-Site tunnel. My problem is it's getting drop by the NAT rule. Packet trace below.ciscoasa# packet-tracer input outsid...

ASA5510 Dual ISP & VPN on backup

ASA5510 ios v8.4. I've setup dual ISPs and I'm trying to get ipsec VPN client access to work on the backup interface (outside-backup). The goal is to have outbound traffic on the inside subnet NAT'd through the main interface (outside) while inbound ...

Cisco ASA firewall/Router/Switch support SNMP v3 Read-Write ?

Hello Cisco ASA firewall/Router/Switch support SNMP v3 Read-Write ?thanks in advance velavan

Resolved! Nat RDP machine, outside to inside

hi i have the next configuration.inside 192.168.90.1outside 10.13.7.188rdp-host 192.168.90.45rdp-host-outside 10.13.7.187ASA Version 8.4(1) !hostname ciscoasaenable password -----passwd ----names!interface Ethernet0/0 nameif inside security-level 10...

Network Security

Forum Posts

Are the VPN clients free?

Obsolete Signatures Inheritance IPS IOS 7

Signature for web scanning

ASA5520 (8.4.5) static PAT trouble

5520 CSC very bad HTTPS traffic

can't connect to all sites outside from inside

Trouble with NAT Rule for DMZ Webserver ASA5510

Cisco 5510 Remote Access VPN

Resolved! sysopt connection tcpmss and MTU of 9216

Support of Jumbo frames on ASA 5500 Firewall Appliance?

ASA and Jumbo frames

Resolved! NAT/VPN traffic

ASA5510 Dual ISP & VPN on backup

Cisco ASA firewall/Router/Switch support SNMP v3 Read-Write ?

Resolved! Nat RDP machine, outside to inside

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Firepower 1150 Interface Internal Data 0/0 overrun errors rising

Illegal characters in url that generated from on-prem CSSM

Cisco FPR 1010 FTD MDNS Routing

FMC 7.4.2 Force deploy from CLI

Umbrella DNS Connector Integration with Firepower Management Center

Why we use no route-lookup, route-lookup and proxy-arp, no proxy-arp

Allowing Traffic through ASA without NAT

Dmz with dual firewall Implementation

How to ping a subinterface on FTD

inconsistent user ID to IP mapping with ISE-PIC and FirePower