I have 14000 ACEs under one ACL. Actually I want to block whole of the world except North America and Mexico. Any idea how to optimize this list . Any tool
I have NAC configured and running in an OOB deployment using Window SSO. Most users authenticate into their computers and then NAC does the login and posture assessment using SSO and those credentials.We have a few users that have the Clean Access Ag...
Can cisco NOT perform reverse lookup in MAC table when installed in layer 3??? I heard it only works in (Transparent mode) function, which means no NAT/PAT and VPNs. Is that true or not? Can you please guide me to a link?
Hi all,I have a pair of ASA 5540 that I will be configuring for Active-Active Failover. I have some questions regarding the capacity of both firewalls when configured for Active-Active Failover.Since the ASA 5540 supports 650 Mbps of throughput, will...
I have 2 FW ASA at network. The Active ASA responds ping amd snmp request, and standby responds timeout to request. The other items of the network also responds to this requests.How i have to configure the standby ASA to responds snmp peticions??
I need to be access network resources on the outside from the Inside interface IP address. I have been unable to pass any traffic originating from the INSIDE interface adress to anywehere on the outside of the network. Other INSIDE traffic is working...
I currently use IOS Classic Firewall on my routers and I am now testing the Zone Based Firewall feature, but it is behaviing differently with NAT than I expected. My requirement is to allow only certain hosts access to the Internet, and currently I u...
from my config they look to be doing the same thingservice http-https, servicee tcp-udp and service tcp-8301 appear to be doing the same thing..allowing multiple protocolshowever 2 are configured as port-objects the other service objectsobject-group ...
I want to be able to set up multple pats on an asa5550 and want to map groups of hosts to pats based on the host bit.example:pat 1, host bits end in 111pat2, host bits end in 110pat3, host bits end in 100.Is there are way to do this on an asa5550 run...
Was wondering if someone could help since I've never set up a rule that did a port translation, one of our groups has requested the following: they need a rule permits port 21 and translates it to port 2121 for the following IP 10.0.0.2. The ftp dae...
Hi!I been thinking quite a long time over this and i hope anyone here could help out.Is it possible to "route" traffic through outside interface and depending on what ip adress you are coming from you are directed to a specific ip on the inside? I kn...
Hello,I have a Cisco Security Manager that i use to make changes on 2 corporate firewalls. The idea is that both firewalls will get the same set of rules applied to both when making any changes.I am trying to push a VPN update to both today. One ta...
Hi!For hosts on the dmz when connecting from the inside we use the static with dns command for dns rewrite (external dns) , but i would like to use this for the ip/dns on the outside interface to, is this somehow possible, to rewrite the external out...
