Hello,I am tasked to identify all un-used, in-active, and idle rules in Cisco ASA firewalls. I have access to CSM. But in CSM, I do not know how create such a report. I would be grateful if someone can help to create such a report. If...
Hello, I have a PIX 515E set up between our office switch and our Comcast Business Router and the download speeds are not as fast as they should be. We are paying for 30 down 30 up but it's more like 10 down 30 up. I plugged in a computer directly in...
Hi Guys,I am new to cisco Asa firewall ,, so spare me if i will ask basic doubts .. if I want to configure ASA in Active / standby mode , then their interfaces should be in same subnet Ip.Now , say for e.g for DMZ & inside zone I a...
Hi All, I am currently trying to apply a reverse NAT on asa 8.2 and not sure how to do this. I have done this on asdm 6.2 for asa 8.3 but the options are not simiar on 8.2. Is there a CLI equivelant?I am trying to Achieve the object belowfor any traf...
I am seeing the following error on my Cisco ASA 5510 running 8.4(4):Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src inside:10.1.0.8/1798 dst inside:10.1.0.14/25 denied due to NAT reverse path failureDoing research I...
I can no longer communicate with the standby IP address configured on the inside interface of a secondary ASA5510. Just a couple days ago I could snmp, http, ssh, and ping it.From the switch that is directly connected to the inside interface I'm gett...
Hello folks,I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network.I would like...1: Users on my private network to be able to access the internet (PAT them to external outside address)2: Ema...
HiI have an ASA5510 and I would like to implement something like this: have two ports patched in and ready but only one active, the other one in standby (when the first one goes down the other port comes up and all the traffic goes down this way), al...
Dear all,While trying to update antivirus server ,I am getting the follwoing message from the ASA-5520.(ASA has an IPS module,but not activated,by passed it)Teardown TCP connection 170777296 for outside:10.1.1.1/80 to inside:12.1.1....
I want to log into my IPS using my existing RSA SecurID using Radius. Is it possible to use a Radius attribute in the RSA to tell the IPS what privillege\role the user is? The idea is I dont create users on the IPS, if a user tries to logon it auth...
I am trying to understand why the Cisco ASA device(s) clustered are dropping legit dhcp traffic (inbound) to the dhcp server.The server is a linux server and it can handle the connections without being limited down.threat-detection statistics tcp-int...
Dear All!!Need to configure connection limitis for LAN behind asa. What quantity I must use :per client per client embrionic totally Per clientper client embrionic(For which interface)To providing them internet access (http, https, pop3, pop3s, smtp...
HiWhat is practically advantage of Active/Active ? if i do Active/Standby then any problem in my network ?What is best practise ? please share.RegardsBiplob
Hi,I have an 887VA-w connected at home. I am using ip virtual-reassembly an all interfaces (dialer and all internal VLANs), I am also using CBAC (currently setting up ZBF). The issue I am having is that I keep getting drop packet error messages and t...
Hi,I need to determine if these protocols can interoperate with the ASA 8.4(x) to build a site to site tunnel from nother device which I believe is checkpoint. Thanks.TLS_RSA_WITH_AES_256_CBC_SHATLS_RSA_WITH_AES_128_CBC_SHASSL_RSA_WITH_RC4_128_MD5SSL...
