Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

ASA 5510 Firewall internet Restriction based on IP address and block rest users excluding Mails

Hi,As i have assignment to create access list based on IP address like we have to allow internet access this IP range 192.168.172.201 to 212.And rest users we have to block excluding Mails.Please help.Thanks,Regards,Hemant Yadav

Resolved! Remote VPN on ASA failing to hit public servers

Guys,Thanks for reading this post. I have a Cisco ASA 5510 that was set up as a VPN server for working remote. I have disabled split tunneling so that all traffic created while VPN'd in goes through the ASA. The problem I'm having I believe would...

Resolved! %ASA-4-106023

Hi all,I have one constant syslog message in my ASA 5520, everyday i have this message: %ASA-4-106023: Deny Deny icmp src DMZ:X dst INTERNA: YBut the source is a Public Ip X sending to Y a Private ip in my network. my DMZ have access to the internet...

PAT pool exhaustion / Portmap translation creation failures

I'm getting some very strange (to me) logs from my ASA, and I'm out of ideas on how to figure it out.System: ASA-5520Software: 8.4(3)Flash: 256 MBMemory: 2048 MBMode: Routed / SingleLicense: VPN PlusMy Tunnels interface has address 192.168.6.1/24 and...

Creating Internal and external access

I am using an ASA versions below:Cisco Adaptive Security Appliance Software Version 8.2(1)Device Manager Version 6.2(1)I have been tasked with enabling access from our internal networks to servers that are hosted on the DMZ and NATed to external cli...

NAT 8.0

Friends,I have a strange question here please bare with me if it is funny but it is woking live with thirdparty firewall which is going to be replaced by the ASA.Third party firewall is working with below policy and i want to do it in ASA 8.0:i ha...

2 ISP on ASA

Hello ExpertsLooking at this example i found Two ISP can be terminated on ASA, Our requirement is to send HTTP traffic via ONE ISP and VPN traffic on Second ISPhttp://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a...

ASA migration from 8.2 to 8.4 (active/standby) without outage

Hi there .... I need to upgrade a pair (active/standby) of ASA from 8.2.5 to 8.4.3 ... I have a script created to modify all NAT rules I need, and I have tested it in lab, and I think I'm good with it.Now, I want to figure out if there's a way to do ...

ASA display height?

I'm using SSH and telnet internally to access my ASA (using windows 7). At some point, the ASA decided that the allowed screen height is only 10 lines high.My command windows for both SSH and Telnet are able to handle about 80 lines of text before i...

Firewall upgrade - ASA5555x ?

Looking to retire our PiX 151E's this year.. Would like to move to the new ASA5555-X. Anyone know how they handle IPS ?Is it built in with a subset of IPS features like the older ASA or does it have a full IPS feature set ? Alsowill it support an IPS...

FW-Pix 501 P/N 47-10539-01

I need to upgrade the firmware and SDM software for my PIX FW and my question to the entire Community is where to download the latest firmware software from. I don't have any service contract with Cisco and I can not even get one, because this produc...

asa site to site vpn with overlapping networks

I am trying to set up a site to site tunnel with overlapping networks. The customer has asked if I can use an public ip address (same network as the outside interface of the asa) - I dont want to use a public Ip address for this temporary deployment ...

Resolved! ASA Context

I have an ASA that wont allow internal users to vpn into the ouside interface. The guest wireless is terminated at L3 switch but i want to create a new virtual contex to terminate the guest wireless, so it doesn't have to use private DNS server. I h...

Resolved! %ASA-4-507003 terminated by inspection engine, reason - inspector disconnected, dropped packet.

Hello,I am getting more and more of these logs, the message itself does not say much, "reason - inspector disconnected" is not a reason in my opinion.Looking at the output of "sh service-policy inspect esmtp"Global policy: Service-policy: global_po...

ACL applied on in|out of a port on an ASA

Folks:I am new to working on ASAs; however, is it possible to apply an ACL to an interface and specify "in|out" command switch? If this is possible, can an example be supplied? I am trying to limit traffic from my DMZ to my Internal network; however,...

Network Security

Forum Posts

Firewall Migration Tool v7.0.0.1 now live!

ASA 5510 Firewall internet Restriction based on IP address and block rest users excluding Mails

Resolved! Remote VPN on ASA failing to hit public servers

Resolved! %ASA-4-106023

PAT pool exhaustion / Portmap translation creation failures

Creating Internal and external access

NAT 8.0

2 ISP on ASA

ASA migration from 8.2 to 8.4 (active/standby) without outage

ASA display height?

Firewall upgrade - ASA5555x ?

FW-Pix 501 P/N 47-10539-01

asa site to site vpn with overlapping networks

Resolved! ASA Context

Resolved! %ASA-4-507003 terminated by inspection engine, reason - inspector disconnected, dropped packet.

ACL applied on in|out of a port on an ASA

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Change IPS and AMP Policies to enforcement mode

FTD SSE Connector Service down

Problem with ssl decrypt-resign on Cisco Sefure Firewall

FTD reboots and the active firewall losts all of the User ID entries

ASA AD LDAP Authorization belonging to multiple groups

ACL on VTY Line Blocks All Connections

ASA Help With NAT for Printer

Does the FMT overwrite all FTD configuration if only selecting NAT

Can't ping from FTD managemnt to FMC

IG not mapped to SZ on FMC/FTD