Network Security

Hi,On FWSM running 3.2 OS, the sysopt connectione tcp sack-permitted is enabled by default.  Because of the tcp randomization that is enabled too by default the tcp selective acknowledge feature is not usefull.  I'm planning too disable the tcp-sack ...

Hello all,I have a lan2lan vpn on an ASA 5520 and am trying to limit the bandwidth of this tunnel going outside.I have created the following configuration, but it is not working:class-map 1.1.1.1_CM match tunnel-group 1.1.1.1 match flow ip destinatio...

How can we upgrade the ips module ? I need to add the known host (scp server) to the ips module but I couldnt. How can I add this host manually? It cannot retrive from the server automatically... It asks for public exponent.Thanks

Hello,I am currently setting up a few switches and one configuration point is to secure acccess via telnet from only certain IP'sI have created the access list as shown below :access-list 20 permit 192.168.1.0  0.0.0.255 access-list 20 permit 10.44.1...

I have the following network as shown. I seem to have some problems configuring routes for the ASA 5510.I need hosts on 194.1.10.0/24 network (HEADQUATER) to be able to ping the hosts on 194.1.20.0/24 (BRANCH). But hosts on the headquater network can...

i. How often should I upgrade the ASDM and ASA software?I am confused by the versions on the downloads section of the CISCO website - do I pick the latest version without an ED for stability?ii. Is there a correct order? DO I updgrade the ASDM softwa...

Greetings,We are running several ASA 5540 pairs in Active/Active transparent mode (software version 8.2(1).)  We are trying to find an explanation for some curious syslog traffic generated by these pairs.No nat-control is enabled.  Security levels ar...

We are using Cisco IDSM-2 for a e-Commerce client. The Auditor from the client wants to know that how the IDSM get access to the decrypted SSL traffic? To do so, do we have to import the servers' certificate and private key into the IDSM?Are there an...

Hi allWe are planning to authenticate the remote site VPN users using certificates, presently they are authenticating with ADS server. we are planning to use our own certificate server. can any body tell me how to configure this certificate authentic...

Hello,We have a .Net application running on web server farm.CSC-SSM is used for perimeter http protection.I can find the below errors via email notification- The InterScan for CSC SSM detected an attempt to transfer a blocked file titled banner4.swf....

We have a company website and when an image is changed the old image is still seen on the website internally. The image name is the same so I am suspecting it is cached on the ASA. Is there a way to clear this without reloading? Thanks.

Hi,My question concerns the way to send SNMP traps as an alert format.I am totally aware that the AIP-SSM/IPS 4200 does not support syslog as an alert format.The default method is through SDEE but I really don't want to use MARS to get my security ev...

Hi all,I would like to know what commend to use to inspect or review which ports are blocked or open on the ASA 5505.Thanks in advance,SK