Network Security

ASA 5506 - no SSH possible

Hello TogetherPlease i will open for LAN "Inside" the SSH Port. try with this commands but no postive result appair "Connection redused"i know iam on the right way, please and thanks for any Update:asa(config)# crypto key generate rsa general-keys mo...

Resolved! FirePower FMC Audit logs are not showing policy changes

Hi all !I'm capturing Audit logs from FMC using tcpdump, but unfortunately I do not see any access policy changes in the logs : \I do get other logs like saving the configs etc, but when I edit the policy and add/remove/edit a rule , I get nothing on...

Public IP NATed to Internal IP that is on the other side of a router/SD-WAN

Went From a all intern WAN to a SD-WAN. before SD-WAN I mapped 16 of my Public IPs to a Local DMZ Subnet off my ASA-5525-X Allowed RDP and piped that VLAN directly to a Virtual Machine in the Remote Office. Remote user was only able to get to the VM ...

RV345 Client-To-Site VPN not working

Hi, can anyone help me to how setup a client-to-site vpn on RV345 router, I've tried many ways but no luck. I already went through the Cisco guide for this onhttps://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-router...

Firepower Intrusion Events

Community,I recently implemented FTD's and had a question. I am not seeing any Intrusion Events or Attackers populating in the Intrustion Events or Geolocation tabs in my dashboard. Is this because I have not yet enabled the "inspection" option in an...

FTD 2100 6.6.1 - SNMP monitoring for PRTG Configuration

Hi,We haven't been able to set up SNMP monitoring for PRTG. We found some articles informing a diagnostic interface and\or set the platform setting policy (which is currently blank) need to be configured? Can anyone share any documentation that expla...

CSM vulnerability

Hello, I upgraded CSM 4.19 to 4.22 SP1 to be covered from the CVE-2020-27131 vulnerability.The thing is that the scan finds again this vulnerability. The customer informed me that this path cwhp/CSMSDesktop/about.jsptriggers the vulnerability in Qu...

OSPF Bi-directional forwarding on FTD

Hello,I'd like to configure the ospf bi-directional forwarding on a FTD 2130 using FDM.Could someone help me? I've checked on FDM, there weren't any BFD CLI commands in OSPF config even I clicked on "SHOW DISABLED". But I saw in BGP config.Maybe I ca...

TCP max bandwidth limited by firewall

Hello all, What parameters on a Cisco firewall FPR2140 connected in 10g (and I would say a firewall in general) could explain why a TCP flow is limited to between 370 and 430Mb/s while different test with iPerf showed the following :- 1 TCP flow : ma...

How to inspect inbound traffic using Firepower

Our current setup using ASA and Firepower Inside : 20.20.20.0/24Outside : x.x.x.x My access control policy is such that it inspects 'Inside' to 'Outside', where 'Inside' is Firewall trusted interface, and 'Outside' is Outside interface. I understand ...

Resolved! Detect telnet on non standard ports

If my ASA is configured to allow port 443 (over http), can ASA allow web 443 and block telnet 443? e.g.: Allow https://x.x.x.x block: telnet x.x.x.x 443 Question2: Will blocking telnet on non standard ports give any benefit?

ASA virtual IP concept

Coming from a netscreen/junos background... For allowing access to the inside from a DMZ IP I'd usually configure a VIP using an IP in the DMZ network that would map/nat to an IP on the inside interface and apply the appropriate acl/policies to that ...

Resolved! IP SEC License - Transfer from ASR1001 faulty unit to a new ASR1001

Hi all, is it possible to to transfer IP SEC License for ASR1000 Series from faulty unit to a new unit? Thanks,Hafiz

ASA failover failed....

Hi there people in my phone, We have a pair of ASAs in a failover pair, and the failover has failed with an interface error. Interfaces on the FW and connecting switch are both up/up, no configuration has been changed, and it's been fine for the la...

Resolved! Native Vlan - Double tagging attack

Hello everyoneI would like a clarification on the native vlan.By default a vlan is used, for example 99 as a native vlan without assigning any access port to avoid double tagging attacks.What is not clear to me is:1) Why do I have to set as a native ...

Network Security

Forum Posts

ASA 5506 - no SSH possible

Resolved! FirePower FMC Audit logs are not showing policy changes

Public IP NATed to Internal IP that is on the other side of a router/SD-WAN

RV345 Client-To-Site VPN not working

Firepower Intrusion Events

FTD 2100 6.6.1 - SNMP monitoring for PRTG Configuration

CSM vulnerability

OSPF Bi-directional forwarding on FTD

TCP max bandwidth limited by firewall

How to inspect inbound traffic using Firepower

Resolved! Detect telnet on non standard ports

ASA virtual IP concept

Resolved! IP SEC License - Transfer from ASR1001 faulty unit to a new ASR1001

ASA failover failed....

Resolved! Native Vlan - Double tagging attack

Hearty congratulations to the December Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

How to assign a parent/base policy to an access policy with FMC API

Firepower 7.2.1 - Issue with the FlexConfig Text object override

Private VLAN's interaction with ESXi and firewall

Packets appearing in ASP DROP?

What is PID when we try to integrate with Cisco API's

FMC API - can not associate a prefilter policy to an access policy

What is the result of placing, on ASA outside int, ACL...

On ASA5525 with vanilla setup, need to place ACL on outside int?

CSR 1000v ACL syntax-- use wildcards or masks?

SFR sensor upgrade fails readiness check