Network Security

How to Reduce the CPU Utilzation

Dear All,There is one Public IP through which someone trying to access FTP Server which located inside my LAN. My query is due to contoneous request for accessing to that Particalar Server, Firewall CPU Utilization going High. Is there any option to ...

DDOS/DOS/SYN Attack Mitigation

Dear Team,Can I know the varios methods/conf to mitigate DOS/DDOS/SYN Attacks thru ASA?How we will detect that we are under attack. What are the tips and Tricks??Regards,Manu B.

Need method to identify new hardware on the network

We have had a request to configure ASAs (or routers if necessary) so that we can be notified when new devices are added to the network (PCI compliance requirement).Cisco pre-sales says that there's no way. Surely with SNMP, TCL, EEM, or other, there...

ASA & VOIP

I have almost 30 VOIP ( Packet8 ) phones , divided on three different location . Out of these three location 2 have ASA5510 as firewall & the 3rd side is uisng a linksys WRT54g Device. I have noticed that we are facing multiple issues with VOIP devic...

error when applying nat & global

I am building fresh setup for an ASA and when trying to NAT & GLOBAL I get the following:ciscoasa(config)# nat (inside) 1 0.0.0.0 0.0.0.0ERROR: This syntax of nat command has been deprecated.Please refer to "help nat" command for more details.ciscoas...

Resolved! ASA capture utility / IP spoof

Hello,I had received couple of notifications from ASA regarding IP spoof attempts::Jul 21 14:06:56 EDT: %ASA-session-2-106016: Deny IPspoof from (127.0.0.1) to 64.x.x.x on interface insideI wanted to get some more info to eliminate any infected clien...

ASA network topology and mgmt interface

Hello,I am implementing ASA 5510 for SSL Anyconnect client RAS only. It will be a part of existing firewall infrastructure.ASA has a public internet (outside) interface to setup a VPN tunnel and should route all the RAS users traffic to internal ne...

NAC Appliance

I have two questions about the NAC Appliance:1. I have understood that for every vlan access must have a vlan authentication, is there any way to minimize the amount of address for the vlan authentication, eg. if I have 4 access vlan in the same bui...

ASA 5505 8.3 ACL Dropping Packet - Please help

message removed.

How to see mac address in IPS 4240 ???

Hi all,How to see mac-address of inline-vlan-pair ? and how to see mac-address of management interface in IPS ?Regards,Kiran

ASA 5550 - Context load order on reload / powercycle issue

Hi,I've encountered something a little strange.I'm currently running 15 contexts on a 5550 which are loading their configs from an FTP server (albeit temporarily!) using the config-url ftp://xxxxx line in the context configuration.The admin context i...

Problems with the Cisco NAC agent, does not perform remediation??

Good MorningI'm doing an implementation of NAC, but when the user is authenticated, the agent informs you that does not comply with defined security policies, to start the repair and re-scan the machine error appears "NAC Server is not available on t...

Resolved! sh int ip brief doesn't work in PIX-515?

Hi,I'm not sure why this command doesn't work in one of my PIX-515 firewall. Tab also doesn't work.I used to use this command on both PIX and ASA. Please advicePIX-515# show interface ip briefUsage: interface <hardware_id> [<hw_speed> [shutdown]] ...

PIX-1GE-66 used on ASA5580

Can advise if it is possible to re-use PIX-1GE-66 interface cards on the ASA5580?Thanks

Resolved! IDSM-2 data-ports

Hi,I have taken over managing a 6500 IDSM-2 implementation, as far as I can see it has been configured in Promiscuous Mode with a single virtual sensor assigned to both data ports 0/7 & 0/8.The switch has been configured with the following commands:...

Network Security

Forum Posts

How to Reduce the CPU Utilzation

DDOS/DOS/SYN Attack Mitigation

Need method to identify new hardware on the network

ASA & VOIP

error when applying nat & global

Resolved! ASA capture utility / IP spoof

ASA network topology and mgmt interface

NAC Appliance

ASA 5505 8.3 ACL Dropping Packet - Please help

How to see mac address in IPS 4240 ???

ASA 5550 - Context load order on reload / powercycle issue

Problems with the Cisco NAC agent, does not perform remediation??

Resolved! sh int ip brief doesn't work in PIX-515?

PIX-1GE-66 used on ASA5580

Resolved! IDSM-2 data-ports

pxGrid session subscription missing radius accounting session Id

Model Migration - 4110 Native to 4225 Instance S2S VPN Configs

ASA upgrade procedure on Hyper-V

Announcing the release of Firewall Migration Tool Version 7.7.10

CSCvx25052 - DOC: FTD Syslog messages 43000x missing from FMC

How do objects import when importing an ACP from one FMC to another

Using Flex configuration for PBR

FTD VPN Issue

FTD Route based VPN

Modifiying FTD instance on FTD3130