Network Security

Cisco ASA Site-to-Site with UC540 routing issue

We are setting up a new phone system using the UC540 with a VPN connection between 2 buildings using 2 Cisco ASA 5505's at either end.The problem I am having is getting the phones at the remote site to connect to the UC540 at the main site. Phones/Co...

Resolved! FWSM Active/Active Failover Logging

Hi,Does anyone know if during a failover syslog logs or SNMP alerts should be generated on individual FWSM contexts. I have looked through syslogs from the time a failover has occured and I have seen no mention of any failover. Our SNMP management so...

SSH sessiion initiation: IOS firewall blocking return traffic

Well I thought I had zone-based firewall figured out for using SSH to manage routers, but apparently not Put simply, when I try to SSH from one router to another, my SSH session gets through the firewall but cannot come back, due to the firewall . I...

SSH v1 on ASA 8.4

Hello All,I was just curious if SSH v1 is considered vulnerable why is it still enabled by default on the ASA 8.4 by default?What is the vulnerability impact of using SSH v1 on an ASA?Thanks!

Resolved! asa 5510 stops forwarding incoming traffic to internal servers.

Since the power failure two days ago, my -ASA stops forwarding traffic to internal servers, for no apparent reason. Packet trace shows all OK, packet capture buffer stays empty when I try to http into the mail server. The only way to get it working i...

ASA 5550, DNS doctoring not working

We are in the first stages of migrating to a new data center and have hit a bit of a roadblock with DNS Doctoring. We have been using it for years without trouble at our old site with almost no config. Any help things I might be overlooking would be ...

Cisco ASA Implementation Question

Hello folks,Just a few questions. We are looking to deploying Cisco ASA 5545 into a network. I have a couple of issues with designing the network correctly. We need to be able to scale out to more hosts than a single VLAN, we would also be considerin...

CIsco 891-K9 OoO queue overflow

Cisco 891-K9 router, very basic config, minimal firewall in place.I keep getting warnings in the log:Dropping TCP Segment:xxxx is out-of-order... Reason:TCP reassembly queue overflow....I have increased the size of the ooo queue etc. as follows (incr...

ASA 5510 - Open outbound port for speacific IP

Hello. We have a ASA5510 and I need to open port 22 for a speacific IP in our LAN outbound only. How do I do that? Thanks.

Need guidance on rerouting traffic to public interface from private network

We have an ASA at a remote location that gets a dynamic address through a DSL connection. We just put a camera system out there, and the owner wants to be able to see the video inside or outside this facility from his phone. We have configured the dy...

Resolved! Problem with nat?

Hi,I have the following NAT rule: object network HTTP_Test_80nat (TestEnvironment,WAN1) static 88.130.50.22 service tcp www wwwThis allows http traffic to a testserver from the outside. An ACL is also in place and i can get to ...

Resolved! pix password recovery without interface ip address

hello friendsI am completely new in network security, i have to set the pix firewall for an organization, no one know about the interfaces ip and logins. i read the cisco document about password recovery but that need an interface address.. how can i...

ssh from internet

Hi,I want to ssh to my asa from internet.for it iahve done some configuration, but my asa is not pinging from internet.Below is my ASA's show runPlease help me..Regards,Milan Verma-------------------------------------------------------------RBN-ASA-0...

ASA 5505 - How to allow a server access to ONLY one URL?

Thank you in advance.I have an application on a server in our DMZ that I want to restrict access to only allow it to send http request to www.google.com/recaptcha/api/verify. I have been playing around with regular expressions and Inpect Maps, but s...

ASA: IP address configuration on two interfaces of same subnet.

In Cisco ASA we can configure IP address from Supersubnet pool on two different VLAN as below.If you check 10.231.23.145 is IP address of Supersubnet of 10.231.23.128/27. Can any one know why this is allowed on Cisco ASA and same thing is not allowed...

Network Security

Forum Posts

Cisco ASA Site-to-Site with UC540 routing issue

Resolved! FWSM Active/Active Failover Logging

SSH sessiion initiation: IOS firewall blocking return traffic

SSH v1 on ASA 8.4

Resolved! asa 5510 stops forwarding incoming traffic to internal servers.

ASA 5550, DNS doctoring not working

Cisco ASA Implementation Question

CIsco 891-K9 OoO queue overflow

ASA 5510 - Open outbound port for speacific IP

Need guidance on rerouting traffic to public interface from private network

Resolved! Problem with nat?

Resolved! pix password recovery without interface ip address

ssh from internet

ASA 5505 - How to allow a server access to ONLY one URL?

ASA: IP address configuration on two interfaces of same subnet.

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Question on S2S Tunnel to Azure using FTD or Azure Native S2S

Setting out TCP MSS on FTD only for non-ipsec endpoints

Cisco Stealthwatch ipfix exporter

FMC - Error mesasge: Unable to reach Cisco Cloud from the device

CISCO FXOS Upgrade - API

FTD 2130 HA Pair - FMC - sftunnel CA expired - Fix options

How often does IPS update on Firepower devices

ASA Nat re-order, renumber, existing nats, add new ones

HA pair in Active/Active. Cannot deploy policy

FMC Management Center is out of compliance.