Network Security

ASA5505 un-responsive after installing ASA-SSC-AIP-5 IPS module

Hello,Can anyone help?I have a pair of ASA 5505 firewalls in a failover configuration. Everything works correctly until I install the IPS module into the secondary firewall. When install I can no longer ping the firewall from the inside network. We d...

Automatically downloading Updates to a machine other than sensor

Is it possible to automatically download updates from cisco site to a local machine and then use that machine as update server?I know the second part can be done 9using FTP,SCP) option in sensor configuration. But how do I automatically download upda...

after Upgrading ASDM IN ASA.Not able to Login in IPS

Hi, I need to upgrade New version of ASDM in my asa, i done tht and with version 1.5.(55), and its upgraded successfully,now i am not able to login in my IPS,through that. can any bdy help me .Thanks

FWSM : Can same security level command create identity nat?

Hi All,As the topic : Can same security level command create identity nat? I found identity nat when show xlate debug command although no configuration related to identitiy nat for those subnet ip address.My brief configuration- same security level i...

Resolved! ASA 5510 redudant interface

I have configured redundant interface on ASA 5510interface Redundant1description *** INSIDES NETWORK ***member-interface Ethernet0/1 (This is a 1000Mbps Port)member-interface Ethernet0/2 (This one is 100Mbps)no nameifno security-levelno ip addressint...

Resolved! Can the IPS module in ASA be used to scan 2 interfaces?

I am trying to figure out if/how to configure the ASA-SSM-20 to scan the backplane and management/monitor interface (trying to save money and not buy dedicated IPS/IDS for internal net). I am running IPS v7.0(8)E4 with ASDM v6.4. I would like to use ...

ASA 5505 site to site RTP traffic is hitting deny all rule

Hello, Got an ASA5505 connected to another endpoint running IPsec and being NAT'd at each end to a 10.0.0.0/24 network. I can pass other types of traffic through the ASA 5505 but not RTP traffic. The moment it is NAT'd and hits the firewall rules it ...

ASA failover active/standby inside and outside configuration

Hi all,Im following this document:http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#lanbashttp://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.html#wp1097252...

NAT and ASA IP Spoofing error

Hello, all!Hey, I'm working on a problem where all necessary communication *seems* to be happening, but we're seeing regular errors logged that look like this (Public IP addresses have been changed from the real ones):Aug 13 2012 14:43:08: %ASA-2-106...

%ASA-6-106015: Deny TCP (no connection) from 10.115.0.176/3001 to 172.29.150.11/54659 flags SYN ACK on interface inside

Gettting this log event. This device worked fine using a point to point T1. Ever since we moved to a IPSEC tunnel, this device cannot communicate. Any help is greatly appreciated.

when upgrading failover pairLast week I had to upgrade ASA5510

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHzInternal ATA Compact Flash, 256MBBIOS Flash M50FW016 @ 0xfff00000, 2048KBEncryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0) Boot ...

Host Based IDS

Cisco used to have hIDS - Cisco security Agent, but this product is EoL, is there currently a replacement product that can do host base IDS from Cisco?Cyrus

Resolved! CPU spike for ASA 5520

Hi In our ASA 5520 " tmatch compile thread" process is taking too much CPU while applying ACL for a moment . CPU goes to high and then back to normal .. The code is 8.2(5) . Is this a normal operation or abnormal .

Resolved! sig 1300 victim port 46823

Hello.. my ids is picking up traffic to a mail server, attacker port 50084 / victim port 46823. Because the ports are both higher order it doesn't look like legitimate traffic. How would I investigate further to define this traffic? I found this onli...

Resolved! ASA - Cannot Communicate from Inside to DMZ

Hello - I have an existing ASA Firewall that is configured with an inside interface and an outside interface - communications is working fine in this configuration.I am trying to add a DMZ interface that will be connected to a 3560x switch - the new ...

Network Security

Forum Posts

ASA5505 un-responsive after installing ASA-SSC-AIP-5 IPS module

Automatically downloading Updates to a machine other than sensor

after Upgrading ASDM IN ASA.Not able to Login in IPS

FWSM : Can same security level command create identity nat?

Resolved! ASA 5510 redudant interface

Resolved! Can the IPS module in ASA be used to scan 2 interfaces?

ASA 5505 site to site RTP traffic is hitting deny all rule

ASA failover active/standby inside and outside configuration

NAT and ASA IP Spoofing error

%ASA-6-106015: Deny TCP (no connection) from 10.115.0.176/3001 to 172.29.150.11/54659 flags SYN ACK on interface inside

when upgrading failover pairLast week I had to upgrade ASA5510

Host Based IDS

Resolved! CPU spike for ASA 5520

Resolved! sig 1300 victim port 46823

Resolved! ASA - Cannot Communicate from Inside to DMZ

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

dpc3941b MAC Filter Settings

Assigning an EtherChannel Subinterface to an Instance via FMC API

Secondary FMCv in HA - migration to new data center process

FTD OpenSSH < 9.8 RCE

Error in connection to Certificate Authority: status = FAIL

any EOS/L decided for 3140

ASA 1010 BGP SNMP OIDs

Firepower 1120 FTD Setup

Captive Portal doesn't work in FMC

Cisco ASA uninstalling SFR module