Network Security

IPSEC pass through and policy based NAT

I intended to share one of my Public IP addresses between two services1: A HTTPS service on my inside network accessed from the Internet2 An IPSEC tunnel terminating on an internal device (other end is 4.2.2.2 on the Internet)Then I realised ESP and ...

Resolved! Baud Rate for Console connection on ASA 8.6(1)

Hi allI need to use very long console connection it over 56 feet (17m) (I used Cat6 wire with connection on oth ends as console wire 12345678-87654321)According to the below tableData rate (bps)Distance (m)240060480030960015192007.6384003.7560002.6M...

Resolved! Failover triggers on ASA

Hi guys:I got a question regarding on how the failover activate, as far as I know there are only 3 ways to trigger the failover:1.- With the command "no failover active" on the Active device.2.- If one of the interfaces (INSIDE/OUTSIDE) is down.3.- I...

vpn access to asa5510 asdm and ssh not working

hi,cannot access to cisco asa5510 asdm nor ssh thru anyconnect vpn, attached is the current configuration. user authetnicaties aaa locally and has admin service-type. When vpn session is established, it lets me go thru the certificate warning and whe...

High memory load on Cisco ASA 5510

I have a Cisco ASA 5510. The memory load keeps increasing. Unfortunately, i can't restart the device this week. Right now I'm at 84%. How can i find out what is causing this every slighly increasing usage of memory and reverse it? This is the e-mail ...

Resolved! Allowing rdp through zone-based firewall

I hope someone can help me. I have a customer with an 877ISR with zone base firewall.They want to access two servers on the inside from the internet using RDP but with different ports.Partial configuration if anyone can tell me where I am going wrong...

Resolved! IOS ZONE based FW with gre

I have configured a cisco 2911 router with security bundle, as a zone based firewall. Configurations,Gi0/1 - Internet connection - (outside-zone)Gi0/0 - Internal users -(inside-zone)Gi0/2 - ISA server - (ISA-zone) this is use for just connct to VPN...

Resolved! WCCP redirect to WSA from multiple ASA interfaces

Hi,Is binding WCCP to more than one ASA interface possible? I thought I read this was not possible, for example, having an inside interface and a dmz interface both redirect traffic to a WSA.Thanks.

Filtering IPv6 extension headers on FWSM

Hello,We want to filter IPv6 extension headers on FWSM (4.1.x) and we discovered that filtering does not works at all. For example to filter destination options we used the following IPv6 ACE:ipv6 access-list OUTSIDE6_IN deny 60 any anyThen packets a...

Resolved! IPS module or CSC module

Hello all. I have a customer that wants to purchase an ASA 5510 security plus to terminate client VPN access for an external support team. The customer claims to want URL content filtering/proxy which leads me to suggest a CSC SSM 20 plus module. But...

Resolved! anyconnect SSL licensing for active/passive cisco ASA devices

Hello all. I am purchasing 2 5512x ASAs to be configured as an Active/Passive pair as a VPN device. Do I need to purchase anyconnect licenses for both devices? Thanks,

Resolved! detailed documentation on asa 5512-x and 5515-x

does anyone know where I can find detailed documentation on these two products. Particularly, I am looking for high availability capabilities and any license requirements. Thanks,

Resolved! Changing subnet mask in an ASA interface

Hi,We have an ASA 5520, working fine.One of the interfaces is connected to users PCs and printers mainly. Last months the number of devices has grown rapidly, and we would like to make some changes in it in order for it to be able to host new devices...

ASA 8.4.4 filter url using hostname

Hello ... is there any way to apply hostname or object network in the syntax? The command gives the option to use hostname or A.B.C.D but doesn't accept the hostnamePIX1(config)# filter url except 0.0.0.0 0.0.0.0 ?configure mode commands/options: Ho...

Problem configuration ASA 8.2 With HTTP access OUTDOOR

HelloI have problem i want to access to my http server in my local network from outside 192.168.2.42 : it my server http 195.X.X.X its my internet IP but it was connected in eth 0/4static (DMZ,Orange) 195.X.X.X 192.168.2.42 netmask 255.255.255.255...

Network Security

Forum Posts

IPSEC pass through and policy based NAT

Resolved! Baud Rate for Console connection on ASA 8.6(1)

Resolved! Failover triggers on ASA

vpn access to asa5510 asdm and ssh not working

High memory load on Cisco ASA 5510

Resolved! Allowing rdp through zone-based firewall

Resolved! IOS ZONE based FW with gre

Resolved! WCCP redirect to WSA from multiple ASA interfaces

Filtering IPv6 extension headers on FWSM

Resolved! IPS module or CSC module

Resolved! anyconnect SSL licensing for active/passive cisco ASA devices

Resolved! detailed documentation on asa 5512-x and 5515-x

Resolved! Changing subnet mask in an ASA interface

ASA 8.4.4 filter url using hostname

Problem configuration ASA 8.2 With HTTP access OUTDOOR

Cloud Delivered FMC edit multiple interfaces

3130's Howto: configure network management-interface and shut / no sht

Correct way to config two external interfaces on the CSF 1210CE FTD

Secure Firewall 1200 HA topology with 03 ISP link´s and SD-WAN

FMC 7.4.2.1: Missing active sessions in Remote Access VPN dashboard

Cisco SNS 3755

Upgrade FTD 2130

Cisco firepower 1150 multi ISP and Remote Access VPN

Smart License lost after Powerfail / Reboot

Firepower 1120 has wrong (falcon demo) license active