In a scenerio where an ASA has a Guest interface (security level 50) has only a single OUT acl applied (access-list guest.out extended deny ip any any / access-group guest.out OUT interface guest) and an outside interface (security level 0) conn...
My setup is as follows( vlan 10 ) ( vlan 20 ) --- (vlan 30)172.21.1.30 ---- insideASA< >outsideASA ---- gw-172.21.1.25 ---- clientThe server in vlan 10 is on the same subnet as the gateway...
Users are reporting lots of problem with the Internet at my office. Mostly slow speeds and pages that do not fully load. I did a "sho asp drop" on the ASA and got the info below. Not sure what is OK or not but the large amount of out-of-order buff...
Hi,I seem to get conflicting information on using the Management port as a regular routed interface on the ASA5510This is the text in question:The management interface can be used for the traffic that passes through the firewall as well. The Security...
Hi,As I am trying to create site to site VPN.The other side they have given me parameters.Phase 2 parameter is esp-3des esp-sha-hmac.SIM IP subnet is 10.85.170.0/23 and VPN gateway is 41.220.75.1IKE Encryption (Phase 1): 3DESIKE Hash (Phase 1): SHA1I...
Hi,We are planning to upgrade our ASA 5520 from 8.2.1 to 8.4.3. Could you please help me asking the following questions?1. Which is the best migration plan to follow 8.2.1->8.3->8.4.3 or 8.2.1 to 8.4.3>? We are using nat-control now and for this ...
Hi all,i've been using a the classmap "class-map type inspect match-any min-cls-insp-in-out" in a policymap "policy-map type inspect min-pm-in-out" in the zone security "ccp-zp-in-out source" for my firewall. I've just noticed a "match protocol Othe...
Hi guys,I'm having issues with NAT dropping ICMP on default NAT. Do I need to create another NAT for ICMP? Please let me know. Thank you in advanced.Here's the packet-tracer result:firewall01# packet-tracer input inside icmp 172.23.1.74 0 10 8.8.8.8 ...
I'm attempting to configure two ASA 5520 for active/standby failover.When I enter the “failover” command to enable the config on the primary ASA, the entire routing table disappears.There is no routing process running, only static routes are configur...
Hi Expertsi have ASA 5520 , some times the CPU Spikes above 90% for 5 Seconds then it went down to 35 - 40% ,but what happened when it shoots to 90% all connection go through this ASA gets drops then i receive complain since application traffic trave...
Hi , Edited the "sshd_config" file to support only for the SSH version 2 and killed the session using "kill -HUP pid". But still SSH version 1 is working.Also confirmed the the sshd_config file saved properly (protocol 2). Please he...
Hello,I need verification that all I need to do something like this:http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtmlIs a smartnet contract to be able to access the software to update the ASA 5...
Hi, we have users connecting via an ISP Wan-link to our ASA with inside-subnet 192.168.1.0. The remote users are on 192.168.2.0 and can only access 192.168.1.1, no other IP on the 192.168.1.0 subnet. Any idea why?The (ISP) router and 192.168.2.0-subn...
Hi,I've been struggling to get ASDM (PDM) installed and running on my PIX 515e.The PIX IOS version is 7.2.4(30)The ASDM version I've copied to flash is 524.I've followed the Cisco documentation verbatim, however I still cannot connect via the Java AS...
