Network Security

Resolved! ASA Failover query

Dear All, I have 2 cisco 5520 ASAs and was configured for Failover.Unfortunately our Primary ASA went down and Secondary becomes Active and network admin made lots of changes on Secondary Active ASA.What is the best practise to rejoin Prim...

Nexus 7010 role permit commands not working

Hello,I have a Cisco Nexus 7010 switch that incorporates roles with specific allowed commands that can be run. However, a few commands will not work for unknown reasons.The commands 'show system redundancy status' and 'command show version module *' ...

Very simple ZBF not working (IPv6)

I'm having several issues with IPv6 and ZBF. I've narrowed one of them to a very simple setup.I tried 15.1(4)M in GNS2 and 15.1(4)M3 on a 1812.The setup is [PC] ----- [R1] ------ [R2]R1 and R2 are interconnected by IPv6 only and there is a tunnel ove...

Direct access to my public ip address from inside my network

We have ASA 5550, I have a portal server in the dmz which is natted statically to a public ip address for port 443. The application works fine from outside world. The server is also nated with a dynamic nat from inside to dmz and when I hit on the dm...

Resolved! ASA 5505 PCI Client Project Feedback

Good Evening Guys, Just need to get some feedback from more experience guys like you . I am attaching a Screenshot of the tentative layout. Since I will use 3 Internal VLANs the Security Plus License is mandatory. Basically the wireless devices will ...

Identity Options in ASA

Hello, I am testing "Identity Options" with IDFW Step by Step configuraiton.I could finish installing and configuring AD agent and Identity options but I could not get an authenciation from a domain controller.I can find my name in the domain control...

5510 A/S failover errors

I just added a new 5510 failover unit to an existing 5510 and when connecting my new outside interface on an Active/Standby firewall pair, i get errors messages (red x) on each port scan (monitor & syslog) although the error message indicate all port...

Resolved! CBAC on 2921

Hello,i´ve migrated a working IOS configuration from an 2811 (12.4) to a 2921 (15.2(2)T) and it seems thatCBAC is behaving different.ip inspect log drop-pktip inspect name OUTBOUND tcpip inspect name OUTBOUND ftpip inspect name OUTBOUND udpip inspect...

static nat with port redirection 8.3 access-list using un-nat port?

I am having difficulty following the logic of the port-translation and hoping someone can shed some light on it. Here is the configuration on a 5505 with 8.3**************************************object network obj-10.1.1.5-06 nat (inside,outside) sta...

Resolved! ASA not answering ARP request

I'm sure this is a simple configuration issue but here is my issue:We are running an HTTPS service on a host that is connected to our DMZ network on our ASA. This host and ASA can communicate just fine. I've created an ACL rule that allows HTTPS traf...

Resolved! Why is ASA so far down the WCCP Preference List?

This list makes it seem like the ASA is not the best WCCP deployment option, but for WSA implementation, the ASA is logical choice in many cases. Does anyone know why the ASA is so far down the list?

prepare asa config to be used at next reboot

Hello,For a customer I have to move the ASA 5505 firewall to a new internet connection. I have modified the config in a notepad textfile and want to put it on flash or so, so that it will be loaded at next reboot. I believe this is possible but does ...

acl allowing guest access

I have an ASA 5550 at our main site with an external ethernet interface to our ISP for internet access. I would like to allow 10.100.41.x/24 http / https access but block this network's access to all other internal networks including 172.17.x.x,, 1...

Unable to access ACS

Good day,We are having an issue with a couple of switches we have daisy chained off of each other. We have a 2960 8 port going to a 2950 24 port then to our core switch a 6507. The problem is we cannot authenticate to the ACS server attached to the 6...

Global correlation / reputation filtering in monitoring mode

We use Cisco appliances primarily in monitoring mode. We'd like to use the IPS reputation filtering / global correlation to alert us when we have connections to "bad" IP addresses (e.g. botnet, etc). Is it even possible to use either of these featu...

Network Security

Forum Posts

Resolved! ASA Failover query

Nexus 7010 role permit commands not working

Very simple ZBF not working (IPv6)

Direct access to my public ip address from inside my network

Resolved! ASA 5505 PCI Client Project Feedback

Identity Options in ASA

5510 A/S failover errors

Resolved! CBAC on 2921

static nat with port redirection 8.3 access-list using un-nat port?

Resolved! ASA not answering ARP request

Resolved! Why is ASA so far down the WCCP Preference List?

prepare asa config to be used at next reboot

acl allowing guest access

Unable to access ACS

Global correlation / reputation filtering in monitoring mode

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

Knowledge Hub: Cisco Technology for Securing the Enterprise

Announcing Resources That Guide You to Success

Comcast/Ciena handoff to ASA5506?

Cisco FPR-1010 always boot to FXOS mode

Cisco FTD portscan

ASA-AWS - EC2 IMDSv1 required for the PAYG license to be applied

how are blocking cookie and java be applied in real situation?

Cisco ASA ACL and NAT for RDP through subinterface allow any

is this flow impossible?

DDOS and "Error processing payload: Payload ID: 1"

ASDM unable to login for v7.18(1)152

Logging Informational Configuration in Cisco ASA