Network Security

Resolved! AIP SSM Module Licensing Question

Hello,If I put 2 AIP SSM Modeules in to a 2 Cisco ASA which are clustered, do I need a new license for the firewall? In the ASDM it complains about no valid license installed although the firewall picks up the cards and allows me to configure in CLI...

Resolved! ASA LAN Based Failover not working

Hi,I have ASA 5510 connected as shown in attached diagram.Ideally when ASA 1 is active and if I boot Switch-1, ASA-2 shood take over. But that is not happening.When I boot SW1 , ASA-2 shows "Failover LAN Interface: failover Ethernet0/0 (Failed - No S...

Resolved! Identity firewall in v8.4(2)

Hi,Can anyone provide more information on how this feature works and what is required?Thanks.

Resolved! Static NAT with port redirection

Hello,I am trying to migrate the PIX static NAT rules to the ASA 8.3 NAT ruleThe PIX rule is given as followsstatic (codea_dmz,outside) tcp 2.2.2.234 www 192.168.1.246 www netmask 255.255.255.255 0 0static (codea_dmz,outside) tcp 2.2.2.234 https 192....

Resolved! ASA 8.4.(1) Nat rules ignored

Hi all!I'm having some troubles with NAT, packets does not match nat rule (that i think it should) and is not choosing the right egress interface. So crypto map never startsthis is the relevant config:interface Port-channel2.4 description Public TESA...

ASA 842 and NAT

Hi all,i'd like to ask you question about NAT.i've got a asa with inside and outside interface and some dmz and i want to nat ip dst 9.9.9.1 to 15.0.0.1 but i wanna also to reach real ip 9.9.9.1.with this rule it works, do you think is right?object n...

Resolved! ASA5505:unable to ping from sec level 100 to sec level 70

I can establish FTP and HTTP connection from inside (sec level 100) to polling (sec level 70)I attempted to enable icmp echo reply from pc to server.Well I failed...packet tracer showed fine... all phases allowed... but my pc simply cannot get a ping...

Traceroute + Antispoofing on not default route

Hi all,I've enabled antispoof on all interfaces on asa 5510If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.If you start a tracer route to a network that i...

ASA5505 Dropping TCP connections for email with attachments

6Jun 24 201118:08:44209.85.213.5458623174.141.xx.xx25Deny TCP (no connection) from 209.85.213.54/58623 to 174.141.xx.xx/25 flags RST on interface outsideI am getting this error in my asdm logs whenever I try to send an email with an attachment. Regul...

Resolved! Newbie acl question

I've got an ASA running 8.4I'm trying to get a simple ACL to work, but I'm failing miserably. The core guts of my config are:interface GigabitEthernet0/0 nameif LAN_1 security-level 100 ip address 172.18.0.1 255.255.255.0interface GigabitEthernet0/2 ...

ASA-5510, ASA-5505 loses connection to gateway

I have an ASA-5510 in a location that loses connectivity to the wan gateway after anywhere from five to fifteen minutes. At first I thought that the unit might be defective, but I replaced it with an ASA-5505 with similar results. A reload of the A...

NAT configuration problem on PIX 506 ver 6.3(1)

Hi,I try to setting up a PIX firewall to server as firewall end point for a small network for Internet access. I had include PIX configuration setup, I had replaced IP address information by sentence which describe them since IP Address is sensitive...

Resolved! Zero downtime IOS upgrade on ASA5520

Hi,We are planning to upgrade IOS on a 5520 pair, from 7.2.4 to 8.2.4, and cause minimum outage. And according to the documentation, we can do the zero downtime IOS upgrade by failing over to the standby ASA and back.http://www.cisco.com/en/US/docs/s...

Multiple Default Routes on PIX/ASA

We have 2 separate ISP connections with 2 separate routers, during a recent router outage we found that our PIX firewall was not routing to the second default route that I have in the pix configuration. Doing some searches on CCO, I have seen some d...

L2TP forwarding ASA5505

I have a Windows 2003 server running a L2TP VPN server on it. I'm putting theASA5505 in replacement of an opensource firewall.My question is that, I can't seem to forward the ports correctly for L2TP to the internal address of the 2k3 VPN server. It ...

Network Security

Forum Posts

Resolved! AIP SSM Module Licensing Question

Resolved! ASA LAN Based Failover not working

Resolved! Identity firewall in v8.4(2)

Resolved! Static NAT with port redirection

Resolved! ASA 8.4.(1) Nat rules ignored

ASA 842 and NAT

Resolved! ASA5505:unable to ping from sec level 100 to sec level 70

Traceroute + Antispoofing on not default route

ASA5505 Dropping TCP connections for email with attachments

Resolved! Newbie acl question

ASA-5510, ASA-5505 loses connection to gateway

NAT configuration problem on PIX 506 ver 6.3(1)

Resolved! Zero downtime IOS upgrade on ASA5520

Multiple Default Routes on PIX/ASA

L2TP forwarding ASA5505

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

after FTD upgrade from 7.2.5.2 to 7.2.9 all snorts cpu are almost 100%

FMC Unable to Join CSSM On-Prem

Fixed: "show conn flow-rule qos" gives Syntax Error: Illegal parameter

ISA 3000 I/O contacts for red light kill switch ?

ERROR(567): No database files are available on Cisco Security Manager

9200和9300，通過管理口進行tacacs認證失敗，找不到原因

ASA Static Routing same IP with different subnet masks

General steps to migrade to a new Cisco Firepower hardware model

GeoLocation IP Package Download In 7.4.2 FMC

FMC-ASA-SFR compatibility