Network Security

Denied Attackers behavior

Hello,I need to know how the IPS makes decision on putting the attacker IP in the denied attackers and is there a way to monitor what was the signature that triggered it.The case I have is an IPS protecing the WAN zone, it's adding for no reason leg...

ASA geographic / long distance LAN failover

Has anybody got recent experiance / case studies for long distance LAN failover? I have found this site, which shows an example using PIX and 6.2 Codehttp://www.sans.org/reading_room/whitepapers/firewalls/long_distance_failover_high_availability_usi...

Resolved! Udp Routing Problem - ASA

Hi all...Can you please help me solve the following issue please ...I have strange problem with routing udp packets. Let me explain better:I have 2 servers with ip address of for an example: 192.168.1.1 and 192.168.0.1 ... An application installed o...

DNS rewrite for non-existent record?

We are trying to hit a client's web server by their internal name across a vpn. The name space they are insisting upon using is the same as their public namespace (ex: web1.abc.com). They are not going to publish this 'web1' record to their publi...

question on setting boot images

I have a couple of questions regarding upgrading of images on an ASA. I have read where you can set up to 4 images, but I can't see anywhere where they give you an example of the syntax. I know for a single image, the syntax would be something like "...

Resolved! FWSM and Etherchannelling

Hi,I have a scenario to install FWSM as a WAN Firewall on WAN-Aggregation VSS. One of the obstacles I have to resolve is keeping the Ether-Channel currently connects WAN-Aggregation to the downstream Core-Switch (another VSS).The way I see it, settin...

regexp end of string in Service Policy Rules

I'm trying to set up a service policy that allow access to only a few websites, but I'm having trouble using regexp to match URLs. The problem is that end of string ($) does not work on the ASA.This expression works fineASA# test regex www.google.com...

same interface for the multiple context

Hi All, Could I use same interface for the multiple context, without doing subinterfaces cause my outside for all the context is same. Thanks in advance.Regards,Abhijit Kasarekar

Distance Between Two Firewalls in Cluster

Hi All,What is the recomended distance between two firewalls in Cluster, if it supports Failover thru wan, what is the recommended Latency? Will it support routed environment ?Regards,Manu B.

Resolved! FTP poblem in Site to Site IpSec VPN

Hi all...I need some help...Ok, I have 1 PIX and 1 ASA Firewall, both ver. 8.0.4. Between them I have Site to Site VPN and defined interesting traffic in crypto maps. For now everything is ok,except when I try to ftp from one perticular server to ano...

Resolved! IPsec Tunnel VPN - PIX FIREWALL

Hi,I have a requirement to create IPSEC tunnel from my PIX to other vendor firewall.Please provide me with config details of PIX in detail related to this taskPIX to FIREWALL (OTHER VENDOR)1. Please give me a detailed explaination how to create an IP...

Resolved! Power consumption via SNMP

I have been asked to collect data periodically from switches using SNMP.The "show power" command gives me that information on the command line (see below), but I am unable to find this data via SNMP. Is this data available via SNMP? Does something sp...

NAC upgrade 4.6.1 to 4.7.2

Hi,I have a problem with upgrade CAS 4.6.2 to 4.7.2.When I unpacking cca_upgrade-4.7.2-from-4.5.x-4.6.x.tar.gz and started ./UPGRADE.sh, I get message on console:Checking for a free partition to use for upgradeFound free partition to use at /dev/sda3...

Resolved! PIX 515e Simple LAN > DMZ issue

Hey all,So ive been trying to get my LAN talking to my DMZ. Sounds simple as, ive googled and googled, messed with it, and i cant get it to work. Im sure its some really obvious static line im missing, but would you mind helping me out? I basically w...

ipsec tunnel on pix 501

I am trying to create a site-to-site ipsec tunnel. My first attempt failed and I was given some information from someone using an ASA (8.0?) for my second attempt. They were not sure of the compatibility of some of the commands and I ran into an erro...

Network Security

Forum Posts

Denied Attackers behavior

ASA geographic / long distance LAN failover

Resolved! Udp Routing Problem - ASA

DNS rewrite for non-existent record?

question on setting boot images

Resolved! FWSM and Etherchannelling

regexp end of string in Service Policy Rules

same interface for the multiple context

Distance Between Two Firewalls in Cluster

Resolved! FTP poblem in Site to Site IpSec VPN

Resolved! IPsec Tunnel VPN - PIX FIREWALL

Resolved! Power consumption via SNMP

NAC upgrade 4.6.1 to 4.7.2

Resolved! PIX 515e Simple LAN > DMZ issue

ipsec tunnel on pix 501

Reuse Object Group in a single ACL line

CSCwm49782 - enhance sma 2nd cruz heartbeat logging

FMC 7.4 and multi-instance FPR3130 chassis upgrades

Announcing the release of Firewall Migration Tool Version 7.7.10

CSCvx25052 - DOC: FTD Syslog messages 43000x missing from FMC

ACME on ASA

Snort3 rate filter

PBR with AnyConnect

FMC: Automatic renew certificates?

Finding the forgotten IP address of a Cisco PIX 506E