Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

Resolved! NAC Upgrade question

I am planning to upgrade our CAS and CAM systems from version 4.6.1 to 4.7.2. The documentation states that "Cisco recommends you do not perform this upgrade procedure over an SSH connection, as the steps necessary to reboot the appliance during the ...

Resolved! Deny IP spoof from (127.0.0.1)

Greetings!I have recently began to receive these errors on my ASA 5510. I've done a debug when it occurs but haven't noticed an unusual traffic coming from the internal or external network.here's the error:2|May 03 2010|12:04:08|106016|||||Deny IP sp...

Port forwarding

How to port forward on ASA 5510?we have tried this configuration, but is is not working. Can you guys tell us what is wrong?ASA Version 7.0(8)!hostname ciscoasadomain-name default.domain.invalidenable password fhi49CaZUyRBMnYZ encryptedpasswd fhi49Ca...

Setting up device in DMZ (SlingBox)

Hello,For those who is not familiar with what is SlingBox is, it basically stream a analog or digital video source over TCP/IP. Is a pretty cool device and it will also stream the video over internet. http://ca.slingmedia.com/go/slingbox-prohdThe s...

ZBF Drops Source Port 0 Destination Port 3

Hi,My ZBF configuration is showing a lot of drops:114110: May 2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)114111: May 2 12:49:43.559 CET: %FW-6-LOG_SU...

Define QoS on ASA only in specific hours

Hi,I am looking for the way to define QoS policy on ASA 5520 only from 8:00 till 16:00We use Cisco security manager and cannot find option to specify time interval.I didn't find such option in ASDM as wellCan you help me?Thanks, Igor

SDI AAA authentication for ASDM/HTTP access

Hi, I have two pairs of Cisco ASA firewalls (5510 and 5550) These has been configured foto authenticate SSH and HTTP connections by SDI/RSA SecurID.Recently this has stopped working and each time I try to re-enable it, I get the following error:ASA(c...

Natting on ASA

Hi, We having Ethernet connectivity terminated on Cisco 5520 ASA firewall. 172.16.100.15/28 IP pool is allotted by our provider for the connectivity. 172.16.100.16 is configured at Provider’s router interface. 172.16.100.17 is configured at our ASA f...

Resolved! Access FTP Sever in inside interface with Public IP

Hi,I have a ftp server in my inside zone of ASA, One of my application team needed to access that ftp server in the inside interface with the Public IP. If they were using a url for that I could have used "dns doctoring". I tried with the following N...

enable ping to public vpn profile ip

How i enable ping to public vpn ip.for example my outside interface is 172.20.10.2 and my public profile vpn ip is 217.122.142.198, and i need to ping to this public ip from another network.

Disk Wiped On Cisco ASA 5505

Hello,My Cisco ASA has suddenly lost all of its disk images although the disk is still intact.Is there a preferred way to restore this to factory with the software back on it ?Any help much appreciated.Thanks.S.

ASA5505 security+ problem with NAT

content removed....

Resolved! ICMP & ICMP Error Inspection

I'm currently running PIX 7.0.4.10 and preparing for an ASA conversion. In anticipation of the move I've been cleaning up the configs and decided to turn on ICMP &ICMP Error Inspection so I could get replace the "permit icmp any any" statement on my...

What do people use to document an ASA

Hi, I was wanting to know what people use to document firewall rules. We have a reasonably complex set of rules and NATs etc. At present I am using Excel as I think it would be very difficult to make an easy to read Visio diagram. But Excel is not t...

DCE-RPC uuid oriented inspection ACL

Hi all, did someone successfully applied ACL for MS-RPC service in an ASA or a FWSM ? There is a lot of example but it seem to be generic parameter.We are requested to do as some other manufacturer does, by specifying RPC access based on UUID . (ie...

Network Security

Forum Posts

Firewall Migration Tool v7.0.0.1 now live!

Resolved! NAC Upgrade question

Resolved! Deny IP spoof from (127.0.0.1)

Port forwarding

Setting up device in DMZ (SlingBox)

ZBF Drops Source Port 0 Destination Port 3

Define QoS on ASA only in specific hours

SDI AAA authentication for ASDM/HTTP access

Natting on ASA

Resolved! Access FTP Sever in inside interface with Public IP

enable ping to public vpn profile ip

Disk Wiped On Cisco ASA 5505

ASA5505 security+ problem with NAT

Resolved! ICMP & ICMP Error Inspection

What do people use to document an ASA

DCE-RPC uuid oriented inspection ACL

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

FTD reboots and the active firewall losts all of the User ID entries

ASA AD LDAP Authorization belonging to multiple groups

Cisco FTD workaround for SSE connector failure stumbled on rights priv

Assigning an EtherChannel Subinterface to an Instance via FMC API

Secondary FMCv in HA - migration to new data center process

Cisco Packet Tracer ASA 5506 Prevents Access to DMZ Servers

Firepower 7.42 issue interface Management0 has no link

FirePower onboarding to FMC first policy deployment failure

Questions around Dynamic Attributes Connector - FMC integrated

FTD not backing up config to remote server