Network Security

Resolved! ASA 5505, 8.3 Inbound traffic rejected after reboot

When moving to ASA 8.3 I wanted to learn the new NAT features. However, I have encountered an annoying problem.After a reboot, inbound traffic is blocked. I have to disable-apply-enable-apply all the ACL firewall ACL entries rules - all together - fo...

Resolved! NAC multiple issues

1st qeustioni am trying to pass my wireless users through nac. i have catalyst 3560 switch to which everything is connected to including the nas,nam,wlc and ap.the problem is i can see the wireless users registered in the nam but they are unable to p...

Please check my configured PIX 506e.

Above is an easy diagram for my network.Background of my work is1. Replace firewall from Watchguard III 700 to spare PIX 506e.2. I have 8 public ip address from ISP. Just only one ip address that registered PTR. So I have to used that for PAT and my ...

NAC 4.7 "CAS unavailable" temporary role

I have a VGW, OOB with layer 3 enabled pilot deployment right now. Everything looks fine. However, about30% of the time (and its increasing) when I log on using the 4.7 agent, the agent will give me the error that the cas is unavialbe on the network....

How to Reduce the CPU Utilzation

Dear All,There is one Public IP through which someone trying to access FTP Server which located inside my LAN. My query is due to contoneous request for accessing to that Particalar Server, Firewall CPU Utilization going High. Is there any option to ...

DDOS/DOS/SYN Attack Mitigation

Dear Team,Can I know the varios methods/conf to mitigate DOS/DDOS/SYN Attacks thru ASA?How we will detect that we are under attack. What are the tips and Tricks??Regards,Manu B.

Need method to identify new hardware on the network

We have had a request to configure ASAs (or routers if necessary) so that we can be notified when new devices are added to the network (PCI compliance requirement).Cisco pre-sales says that there's no way. Surely with SNMP, TCL, EEM, or other, there...

ASA & VOIP

I have almost 30 VOIP ( Packet8 ) phones , divided on three different location . Out of these three location 2 have ASA5510 as firewall & the 3rd side is uisng a linksys WRT54g Device. I have noticed that we are facing multiple issues with VOIP devic...

error when applying nat & global

I am building fresh setup for an ASA and when trying to NAT & GLOBAL I get the following:ciscoasa(config)# nat (inside) 1 0.0.0.0 0.0.0.0ERROR: This syntax of nat command has been deprecated.Please refer to "help nat" command for more details.ciscoas...

Resolved! ASA capture utility / IP spoof

Hello,I had received couple of notifications from ASA regarding IP spoof attempts::Jul 21 14:06:56 EDT: %ASA-session-2-106016: Deny IPspoof from (127.0.0.1) to 64.x.x.x on interface insideI wanted to get some more info to eliminate any infected clien...

ASA network topology and mgmt interface

Hello,I am implementing ASA 5510 for SSL Anyconnect client RAS only. It will be a part of existing firewall infrastructure.ASA has a public internet (outside) interface to setup a VPN tunnel and should route all the RAS users traffic to internal ne...

NAC Appliance

I have two questions about the NAC Appliance:1. I have understood that for every vlan access must have a vlan authentication, is there any way to minimize the amount of address for the vlan authentication, eg. if I have 4 access vlan in the same bui...

ASA 5505 8.3 ACL Dropping Packet - Please help

message removed.

How to see mac address in IPS 4240 ???

Hi all,How to see mac-address of inline-vlan-pair ? and how to see mac-address of management interface in IPS ?Regards,Kiran

ASA 5550 - Context load order on reload / powercycle issue

Hi,I've encountered something a little strange.I'm currently running 15 contexts on a 5550 which are loading their configs from an FTP server (albeit temporarily!) using the config-url ftp://xxxxx line in the context configuration.The admin context i...

Network Security

Forum Posts

Resolved! ASA 5505, 8.3 Inbound traffic rejected after reboot

Resolved! NAC multiple issues

Please check my configured PIX 506e.

NAC 4.7 "CAS unavailable" temporary role

How to Reduce the CPU Utilzation

DDOS/DOS/SYN Attack Mitigation

Need method to identify new hardware on the network

ASA & VOIP

error when applying nat & global

Resolved! ASA capture utility / IP spoof

ASA network topology and mgmt interface

NAC Appliance

ASA 5505 8.3 ACL Dropping Packet - Please help

How to see mac address in IPS 4240 ???

ASA 5550 - Context load order on reload / powercycle issue

pxGrid session subscription missing radius accounting session Id

Model Migration - 4110 Native to 4225 Instance S2S VPN Configs

ASA upgrade procedure on Hyper-V

Announcing the release of Firewall Migration Tool Version 7.7.10

CSCvx25052 - DOC: FTD Syslog messages 43000x missing from FMC

How do objects import when importing an ACP from one FMC to another

Using Flex configuration for PBR

FTD VPN Issue

FTD Route based VPN

Modifiying FTD instance on FTD3130