Network Security

Resolved! ASR1k inspection of ICMP -> ACL vs ZBF

Hello,While reading the page linked below, I was surprised to see an ACL is created and never referenced in the class-map that comes afterward.http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/fw-stateful-icmp.htmlIs the AC...

ICMP/Ping Traffic Not being Allowed Through (ASA) Outside Interface

Hi , Any help would be appreciated. I am unable to ping external address, which are directly nating through to internal hosts (Internal hosts are pingable)I have ICMP FIXUP enabled. See running config below. ASA Version 8.2(5)26 <context>!host...

adding a VLAN to ASA

I have a very basic ASA that is using the default VLAN1 for internal private subnet and VLAN2 for public subnet. I want to add a third subnet VLAN3 that will be private, security level 100 and NATed out the ASA. I also want to be able to communicat...

ASA5550 Access List Question

EDIT: If I'm missing something that's required or you just have some questions, just let me know and I'll add the necessary information.I am trying to set up an ASA5550 so that I can access the servers behind it. Simple. As of now, I am unable to eve...

Resolved! Trying to us object-group and PAT

I am trying to configure dynamic PAT on a Cisco ASA 5510 using an object-group and having difficulty.How can I use an object-group, which includes five subnets, as a source for NATing to a dynamic PAT address?

Resolved! SIP Inspection and dynamic port opening after re-invite

Platform: ASA 8.3(2)Hello,I have SIP devices along with SipTrunk and media endpoints. I am having issues with the ASA not dynamically opening (sip inspect enabled) UDP ports for RTP after a SIP re-invite causes the media endpoints to change within SD...

SSH just stops (891W router)

Hello all. Over the weekend this router was put into production. SSHv2 is configfured and was working fine. Due to some circumstances, we had to avoid configuring any zone-pairs that included the self zone. This of course left the router open som...

Resolved! Access-List traffic control

I have an ASA pair configured to replace a router that hosts a collection of IPSec Tunnels. Tunnels appear to work. I am lab'ing some additional controls that I would like to implement. On the Production Router that i plan to replace with the ASA'...

NAT for a private IP

We have some Cisco 2911's that we are configuring 2 VPN's ( second is for redundancy) We are pretty confident on the failover VPN setup using SLA monitoring. One thing we are stuck on is the redundant VPN will be setup over a 3G connection provided b...

Interface Access List Traffic Control

I have a Production Router that is hosting 30+ IPSec Tunnels. I have an ACL on the inside Interface of the Router to stop unwanted traffic from entering our LAN via the Tunnels. The current ACL looks like this: access-list 145 deny tcp 192.168.30...

Converting interface to different subinterfaces on ASA

Hi,I have a cluster with cisco 5550 asa's.I need to have mulpti new DMZ zones on our firewall, and since we already have 8 interfaces in use, I need to swap one interface from one DMZ to multiple DMZ's using subinterfaces...My question is now, what w...

Resolved! IOS FW: how to block port 25?

Typing sucks on iPad, plz forgive for short sentences.I want to block all internal LAN systems from sending to port 25 outbound to Internet, except the mail server which is on same LAN. 192.168.0.0/24. This is to prevent an unknown inside PC infected...

Intervlan routing plus internet access

I have enabled 100 of vlan interfaces in cisco. i assigned it under one phyiscal interface .What i require is all vlan should have internet connectivity , but no vlans should not have routing between each other, what s the best way to accomplish this...

Memory and CPU issues with Cisco ASA asa845-k8.bin IOS

Hi,yesterday i have upgraded my live asa to new version asa845-k8.bini read that a lot of bugs were fixed and some improvements with per user acls (need this feature).After upgrade (zero downtime - i have A/S environment) my CPU and Memory were down:...

Strange Inside ACL Issue

We've been having a few problems over the past week or so which Objects and Object groups.What we have is an object group called HTTP out which contains around 120 objects and 10 object groups, this object group is part of a rule any source to HTTP o...

Network Security

Forum Posts

Resolved! ASR1k inspection of ICMP -> ACL vs ZBF

ICMP/Ping Traffic Not being Allowed Through (ASA) Outside Interface

adding a VLAN to ASA

ASA5550 Access List Question

Resolved! Trying to us object-group and PAT

Resolved! SIP Inspection and dynamic port opening after re-invite

SSH just stops (891W router)

Resolved! Access-List traffic control

NAT for a private IP

Interface Access List Traffic Control

Converting interface to different subinterfaces on ASA

Resolved! IOS FW: how to block port 25?

Intervlan routing plus internet access

Memory and CPU issues with Cisco ASA asa845-k8.bin IOS

Strange Inside ACL Issue

about FTD-V

Unable to edit and save a text object

CSCwo71835 - The NAS-IP-Address attribute is missing

FMC API to get real time VPN/S2S tunnel and CPU/Memory perf metrics

Firepower 2130 -how to resolve plugin 70658 SSH Server CBC Mode Cipher

SSH with X509v3 certificates

FPR‑4145 EOL/EOS ?

Firepower 4125 - how to resolve plugin 157288,

Cisco FMC QoS filtered by application

Disable checking of SIP traffic on FTD via FMC