Network Security

Hi Everyone,I have a cisco pix 501 sitting on our network, everything is working as should and to be honest its a great little firewall.Following a recent upgrade to some in house software we now require TCP port 2001 to be open, and im not 100% sure...

Hi,During my Demo of the NAC solution I'm having a hard time with NAC's AD SSO. I have already added the AD on the server and the status is "STARTED" but when i logged on to the machine it doesn't perform SSO. I have checked that the CAS is not liste...

Hello CommunityWhile working at a customer site today, we opened up another interface on our ASA here and named the interface WAN.  The WAN interface has a security level of 30.Currently we have a 3750 switch connected to the WAN interface with a man...

Hello,I am running a pair of fwsm 3.2(13). We have an access-list to control the aaa match authentication thru a radius server. Right now, static rules defined on the access-list to bypass authentication didn't work. Everyone is force to authenticati...

Hi,I've been troubleshooting a traceroute issue going through an ASA 5520.  Using the capture and trace function i discovered the problem was with the nat excempt rule dropping the packet. I have a nat 0 rule specifying the next hop router IP and spe...

Hello All,I am in the process of migrating from a PIX 515 running 7.2 to an ASA 5520 running 8.3 and I'm having an issue with the new NAT commands. Currently I am using PAT in the following manner:static (inside,outside) tcp 10.10.10100 41056 192.168...

I've been looking for a way to filter macs on the lan side of a 871 router.  The following works to deny a list of mac's from passing traffic.class-map match-any macfilter match source-address mac hhhh.hhhh.hhhhpolicy-map macfilter class macfilter   ...

hi,I read an interesting statement on http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801e6a45.html:• Unique network collaboration-Enhances scalability and resiliency through network collaboration, including efficient...

We have a very old 4215 we are trying to upgrade for our lab. When applying the upgrade to 5.0 we get:Rack1IDS(config)# upgrade ftp://10.0.0.100/IPS-K9-maj-5.0-1e-S149.rpm.pkgUser: ciscoPassword: ********Warning: Executing this command will apply a m...

HeloWith asdm 6.2 (8.2(2)) the config tab is removed with the privilege statements below, but apparantly it doesn't work with asdm 6.3(1) (8.3(1)). Any ideas  for fixing that - I want to grant access to read-only Botnet filter information ? Thanks /J...

Hello guysI am newbie to ASA firewalling.I have ASA with IPS SSM-20oustside port 10.10.0.1managment port 192.168.1.1sensor port 192.168.1.2I have to do setup IPS SSM-20 to pick up auto updates from cisco.comFrom outside port I can ping any internet I...

Guysin IPS World,where and when we shoud consider mode such interface pair/Vlan Pair?Thanks

We're receiving a multitude of the following syslog ID & description, on our edge ASA:%ASA-4-507003: tcp flow from inside:<output omitted> to outside:<output omitted> terminated by inspection engine, reason - inspector reset unconditionally.Based on ...