Network Security

ASA CPU Peaks

Two questions really.Q1. What is a safe peak for a cluster (Active/Standby) pair of ASA 5520's?During different times of the day, I can see major peaks that push the ASA cluster into the high 80's and low 90% utilization.Q2. To combat these peaks, I'...

Firewall and OSPF - Passive interfaces??

I have a pair of ASA5550 with OSPF enabled on the outside interfaces with our internet routers. Firewalls get the candidate default route from the internet routers.Anyway, when I do a "sh ospf interface" all interfaces are listed under area0..it sh...

Resolved! Upgrading PIX

HiI have a PIX 515E that i have to upgradecurrently it's running 6.3(5)and i'm going to 8.0(4)28,what i wanted to know is do i have to upgrade to 7 before i can upgrade to 8.Or can i go directly to version 8

IPS Engine Upgrade

Hi all I have an IPS running 6.1(1) image with E1 engine.I want to upgrade this to E3.Is to possible to upgrade directly to E3?.What are the things to consider for upgrading the Engine(i want to upgrade manually)? Is there any advange on E3 over E2 ...

How to block FileSharing

I have a natted network , all the users in side are accessing one global server Exchnage server xx.xx.xx.21, now i want to implement a rule in my local firewall to block traffic , so that usera cant not access this global server \\xx.xx.xx.21 using f...

Resolved! ASA sub-interfaces problem

When configuring a CatOS switch to work with the ASA sub-interfaces, are these the right commands? Thanks much.clear trunk 2/28 1-91,94-1005,1025-4094set trunk 2/28 on dot1q 92-93

Resolved! identity nat vs policy nat

Is using identity nat as compared to nat exemption merely a preference, or are there benefits to one over the other? I've changed all of my identity nats over to policy nat, but I'm not sure (other than ease of reading and it doesn't add to the xlate...

Static NAT on ASA using IP from a unconnected subnet

Hi,Is it possible to create a NAT statement on an ASA that NATs a source address to an IP address that is not part of a subnet on the ASA?I want to NAT a source address from the inside interface to a public IP address. I will configure a static route...

PIX 515E upgrade problem

Hi Problem1: I am trying to upgrade pix 515e from 6.3(1) to 8.0(4) version in monitor mode and I am not able to do that. monitor>interface 1 address 192.168.16.250 server 192.168.16.20 (my laptop with tftp program on) file pix804.bin tftp I get the b...

Ddos Problem

We have an IRC Network based on IRCD, we keep getting ddosed by people, servers are falling apart, so we currently did not find a way on how to block the ddos packages,i was wondering if you could be kindly and suggest me somethin about it , anything...

Cisco ASA best practise

Is there any doc which tells about the best practice on ASA.Like the one we have on C6500.Awaiting reply,ThanksRaj

Cisco 1711 - Easy Vpn - conenct to the internet thru vpn

hi there,I'd like org users to connect to the internet thru vpn once conenction established. I have an easyvpn server installed on cisco 1711 router.Users can connect to the vpn but uable to browse the internet.Need help please :) - I have attached m...

Policy NAT

So, I was doing some testing this weekend, and I had noticed something that I wanted someone to verify my findings. In an ASA, if I create an acl and policy nat, it seems that it's two directions.access-list NONAT permit ip 192.168.1.0 255.255.255.0 ...

Resolved! Using PAT for many users

All,Is there documentation somewhere that states how many users can run behind pat? I've got between 300 - 1000 at any one time that can be on, and currently I'm using the interface address on the asa to do this with. I was wondering if I needed to s...

Anyconnect Vista install error

I've tried to avoid Vista, but unfortunately I have a couple customers using it. I get two errors when trying to install the Anyconnect client when they access the SSL vpn site. "The VPN Client agent was unable to create the interprocess communicati...

Network Security

Forum Posts

ASA CPU Peaks

Firewall and OSPF - Passive interfaces??

Resolved! Upgrading PIX

IPS Engine Upgrade

How to block FileSharing

Resolved! ASA sub-interfaces problem

Resolved! identity nat vs policy nat

Static NAT on ASA using IP from a unconnected subnet

PIX 515E upgrade problem

Ddos Problem

Cisco ASA best practise

Cisco 1711 - Easy Vpn - conenct to the internet thru vpn

Policy NAT

Resolved! Using PAT for many users

Anyconnect Vista install error

Hearty congratulations to the December Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

Change IP address of FMC HA standby node

FTD Multi-Instance Data and Data-Sharing Interface

Firepower integration with Openldap

Adding Clustered node in SNMP manager gives error duplicate name

loug user out by himself

Internal Server Error and Certificate key usage inadequate for attempt

Where to migrate SFR redirect rules on FTD appliance

ASA 9.6 Global Inspect Policy

How to deploy Cisco Firepower Management Center?

Cisco FTD send RST when dropped by Snort / IPS