Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

Resolved! acl problem

Hello there,I'm stucked with an acl problem. Attached to the message is the topology of an enterprise LAN with a server farm that I'm trying to protect using ACL's. Thre's also an addresssing table.The goals of the test (a paket tracer activity) are:...

Subinterface doesn't respond to pings - NP Identity ifc

I'm trying to set up an 802.1 q trunk between my layer 3 switch and ASA5520. I understand I need to create a subinterface to accomplish this and have done so. However, the subinterface does not respond to pings, and when I attempt to run the packet...

site to site vpn local url not opening from branch office

i have sie to site vpn say between delhi to mumbai and delhi to hyderabad . delhi is corporate office, branch offices are pinging fine to corporate office ,response is fine. there are applications server in delhi corporate office some local url say h...

ASA USB Ports

Hi,Anyone knows what we can do with the usb ports that has the ASA. Are there for specific application or for future features?Regards

Understanding access rules

am trying to config a FWSM by ASDM 6.2f.there are formerly configured interfaces and new interfaces i created.when i add a new access rule it gets added only to all the old interfaces but not to the new ones i created.1. what wrong with the new inter...

DHCP with MAC IP

Dear Team,I'm using an ASA5505 with dhcpd.but i want to assign a specific IP address from the configured dhcp range to a specific PC. Is it possible to bind a specific ip to this particular PC's MAC address. Please advise.Regards,Suthakar

TCP Reset-I while trying to do LDAP auth in AAA

Short story, for a remote access VPN, i'm trying to auth against an ldap server on the outside of my branch office. The branch office has an ASA 5505 sec plus. The LDAAP server is in a data center behind a 5520, though it is statically nated to an ...

ASA - NAT

Hi,Background - I have a ASA which is connected with 2 internet service providers. Both providers have their respective public IP addresses configured to two different physical interfaces. I NAT the Inside zone proxy to one of the provider interface ...

Resolved! http content problem

I recently loaded a pair of Asa 5520s in a ha configuration. All rules VPNs and svc are working fine. Ever since the implementation users are complaining that websites are not loading correctly. The formatting is goofy and red x will appear over s...

Resolved! Ignoring TCP handshake & Sequence Numbers for STT Traffic

Hi,I have to pass STT traffic through a Cisco ASA (details on STT are here http://tools.ietf.org/html/draft-davie-stt).STT traffic looks like TCP traffic (i.e. it uses IP protocol 6 and is sent to a specific destination port) but is stateless. It doe...

Resolved! Cisco PIX to Cisco ASA Migration Tool

Hello,I appreciate any help to download the The Cisco PIX to ASA migration tool referred at http://www.cisco.com/en/US/partner/docs/security/asa/migration/release/notes/pix2asarn.html#wp39336Thanks in AdvanceFrancisco Almeida

Resolved! FIREWALL and VPN exams

642-617 and 642-647The last day to take these tests is May 28th. If I pass them both, how long will they count as credit towards the CCNP Security?I have vouchers for both, and I'll take the exams, but I feel like I should take the new exams as well...

removed the icmp inspection from my default policy-map

Hi Expertsi have removed the icmp inspection from my default policy-map in my ASA 5520,now i could not able to ping to 4.2.2.2 from my LAN even though i have configured an ICMP Access-list in my asa like ,but I can't ping 4.2.2.2 for testing the Inte...

ASA 5505 with Backup ISP

I am working with a client that currently has an ASA 5505 with two ISPs for failover using a tracked interface. I would like to configure logging so that the ASA will email us when the Primary ISP goes down and fails over to the backup. Here is wha...

Access another host on same subnet through Nat'd IP address

I appreciate any help in advance, I have a requirement to monitor a host's external IP address, the monitoring host (host A) initiating the request is located in the same DMZ subnet as the destination host (host B) I want to monitor, both are NAT'd t...

Network Security

Forum Posts

Firewall Migration Tool v7.0.0.1 now live!

Resolved! acl problem

Subinterface doesn't respond to pings - NP Identity ifc

site to site vpn local url not opening from branch office

ASA USB Ports

Understanding access rules

DHCP with MAC IP

TCP Reset-I while trying to do LDAP auth in AAA

ASA - NAT

Resolved! http content problem

Resolved! Ignoring TCP handshake & Sequence Numbers for STT Traffic

Resolved! Cisco PIX to Cisco ASA Migration Tool

Resolved! FIREWALL and VPN exams

removed the icmp inspection from my default policy-map

ASA 5505 with Backup ISP

Access another host on same subnet through Nat'd IP address

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

FTD SSE Connector Service down

Problem with ssl decrypt-resign on Cisco Sefure Firewall

FTD reboots and the active firewall losts all of the User ID entries

ASA AD LDAP Authorization belonging to multiple groups

Cisco FTD workaround for SSE connector failure stumbled on rights priv

Cisco 2130 Virtual Firewall Contexts firmware

Using FlexConfig to change default command (no sysopt noproxyarp) rule

Trying to enable AnyConnect Alias

EU compliance certificate Firepower 1010 NGFW

Firepower 1010 readiness check stuck at "Please Wait"