Network Security

IOS Zone firewall (ZFW) & changing SSH listening port

I'll have to check into the deetails again but I recall there being a way to change the listening port for SSH. Not only do you have to configure SSH itself to listen on a new port but I think there was something about making the inbound interface p...

Resolved! ASA NAT - Source address translation

Hi All,I've a quick - I think - ASA NAT question. I have a server in a DMZ of my 8.4 ASA with nat:object network FTP-SERVER host 192.168.1.102 nat (dmz,outside) static interface tcp ftp ftpAnd that's working well. However, I now need to trans...

Multiple NAT translation for Same IP

Is it possible to have multiple NAT translation for same IP We have a NAT statement as follows.10.0.0.1 -- > 100.10.10.1010.0.0.0/24 - 10.0.0.0/24 - Identity NAT for the traffic between same ranges. But this is not using when we have the first nat ru...

Cisco ASA OSPF Administrative Distance 255

Hi ..My ASA run OSPF dynamic routing, I want to "clean up" route table by set AD for OSPF by 255. But in route table there is still route for it although it have AD 255.Anyone have try this ?BR

ASA 5520 can't block incomming traffic

I was configure 3 interface on ASA1st - managemetn (only for management)2nd - gig0/0 is connected to internet with real IP3rd - gig0/1 is connected to local networkI was configure routed NAT to internet.But I have problem with restriction incomming t...

Need to block (or route to null0) hundreds of thousands of subnets

Hi;We have struggled with this for months and no one seems to have a solution.Our CTO has ordered us to block all IPV4 packets from many countries such as China, Iran, Russia, Nigeria, North Korea, etc. Please don't side-track the discussion with rea...

Cisco 5520 ASA need to upgrade flash from 64M to 256M

I need to upgrade the ASA 5520 from OS 8.2(5)26 to 8.2(5)33. the ASA only has 64M of flash. I have a 256M flash card. What are the steps to upgrade the flash? I am not sure how it will boot up because the new flash will be bla...

Resolved! Dual NAT with ASA 8.2

Hi,i am trying to configure Dual NAT (source and destination) with multiple subnets in the source, i am trying to figure out how to accomplish this with 8.2 ASA , can anyone help pleaseOriginal source 172.21.113.0/2410.233.0.0/2410.229.19.0/24Origin...

ASA5510 w/dual ISPs and static nat on backup if

Goal: Looking to have an ASA5510 with two internet feeds. Moreover, I would like to have my static nat translations continue to work on the backup feed. I have outbound nat working, however I cannot get the inbound nat to work. I had this all figured...

How to Disable telnet option completely in Cisco ASA 5510.

I want to disable the telnet option/feature on ASA 5510 , can anyone please tell me how to do that?i tried no telnet alone it wont work as i didnt configured any telnet at all.Please Reply.

Two factor authentication - ACS Vs ASA

Hello,I have one question about how to proceed (maybe one example or suggestion), to do authentication this way:Current scenario:ACS v5.x + Active DirectoryASA - SSL VPN (authentication)Future scenario:ACS v5.x + Active Directory and External RADIUS ...

site to site VPN as a backup and WAN link as primary on the ASA using reliable static routing

I am currently running a site to site VPN on the ASA5510. It's a small shop and the ASA does most of the job as the switch is a dump switch. I would like to add a WAN link to the ASA and use it as a primary to the other site. The other site might ter...

interruptions of connection through ASA 5520

Hi,I have a problem with the connections to the remote webservice passing through ASA 5520 firewall. Connections are usually interrupted in perod of half an hour in every few days.This ASA 5520 firewall is only one firewall in a path to the remote w...

Local ASA active/active and multiple DC active/active

HiTrying to work through a tricky issue - customer has 2x DCs in geographically diverse locations. Each DC is resilient in terms of networking on all fronts. If a data centre fails, traffic is routed through the other DC - nothing unusual. We have mu...

ASA1000v or ASA5500 ??

I have a question..I have only one physical machine with VM machines installed on it and I want to connect the machines to the internet.Do i need to have a 1000v asa or a physical asa(say 5510) would work fine, as a gateway to the internet.?Any help ...

Network Security

Forum Posts

IOS Zone firewall (ZFW) & changing SSH listening port

Resolved! ASA NAT - Source address translation

Multiple NAT translation for Same IP

Cisco ASA OSPF Administrative Distance 255

ASA 5520 can't block incomming traffic

Need to block (or route to null0) hundreds of thousands of subnets

Cisco 5520 ASA need to upgrade flash from 64M to 256M

Resolved! Dual NAT with ASA 8.2

ASA5510 w/dual ISPs and static nat on backup if

How to Disable telnet option completely in Cisco ASA 5510.

Two factor authentication - ACS Vs ASA

site to site VPN as a backup and WAN link as primary on the ASA using reliable static routing

interruptions of connection through ASA 5520

Local ASA active/active and multiple DC active/active

ASA1000v or ASA5500 ??

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

CSCwn22565 - ERROR: cannot set default route for broadcast packets.

FTD Pre-filter blocking WCCP

cloud-delivered FMC and CLI access

SIP traffic not functioning as expected following migration

How to Modify Content-Security-Policy (CSP) for FTD Remote Access VPN

How to send FMC's interface status notification to syslog, snmp server

Error Accessing Exclude Page Under System Health

Backup from vFMC to Hardware Appliance

Failed to deploy flexobject policy - threat-detection service to RAVPN

Fire Power 1010 orange Status light blinking