Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

2 site-site VPNS, PING behaves differently

Site-Site VPNs on an ASA5510, trying to ping between the Local Hosts. One VPN the PING gets reply, the other it doesn't.Where it works the Log Viewer shows me traffic btween LocalHost/512 and LocalHost/0 - using port 512? Where it does not work I s...

Resolved! IPS 4260 failover

Do they support active passive failover. And can you just use one sensor and set it to fail open?

ASA WCCP multipkle service groups same interface

Hi Guys,I am trying to configure WCCP as I have 3 DMZ off my firewall each containing a cache engine for each particular network segment, i.e london, berlin, paris.I only have 1 inside interface and I want to redirect clients based on src ip to which...

Resolved! IPS 4260 sensor - NIC ports

The IPS 4260 only comes with 1 NIC port, does this mean it can only operate in promisicious mode, and will have to buy additional NIC interfaces to run inline?

IPS-SSM password recovery

Deal ALL,can anyone tell me how to reset the password of IPS-SSM-10 module on ASA 5510 as the Image of the module is IPS-SSM_10- 5.1(5)E1.

Blacklist netmask: ASA5510 botnet filter

I am testing IP blacklists through the botnet filter. If I try to add: 62.5.128.0/17 to the blacklist - I get the error message 'The netmask is not valid'. Can anyone explain that? I mean, that is a valid netmask is it not?

Incoming traffic one interface and users outgoing on another using PIX 515

Hello every one, I currently have a PIX 515 6.3 set up in the following way 4 interfaces: nameif ethernet0 outside security0nameif ethernet1 inside security100nameif ethernet2 outside2 security50nameif ethernet3 outsied3 security50 I have all my pub...

Cisco VPN Client to Linux

Please, I need to know why the Cisco VPN Client(.pcf) to linux lost the password after the first connection. I need fix the password of client forever. Is necessary configure anything on ASA.

DMVPN_ is it possible to have dynamic public IP address at the HUB

Hi Experts,i have 5 sites with ADSL internet connectivity with dynamic IP addressign, is it possible to connect those sites without need to have public static address at Hub ( HO) .. no way to get static public IP address from that ISP.. so i dunno ...

FWSM with HSRP on 6513 Core switch

Hi All,i have two 6513 core switches and there's 100 Layer 3 Vlans on the core switches.we had configured HSRP on the core switches to provide redundancy between that 100 vlans.NOW, i want to add FWSM on each core to restrict the access between that ...

telnet/ssh over a Site2site VPN

Greetings All, I have to sites, Site A and Site B connected over a site to site vpn tunnel (both site terminated by PIX (7.2(3)). I am able to establish the VPN connection properly so that host from both sites can access each other. My issue is i nee...

IPS Speed & Duplex settings

I have a 4240 inline between an ASA and a Switch, and am experiencing errors on the switch indicating receive discards.The devices are directly connected like this, ASA --- IPS --- SWITCH. The ASA and Switch have the speed/duplex fixed to 100/Full, ...

design question - AIP-SSM-10 in front of DB

I have an ASA 5510 and was considering putting my organization's database servers on their own interface. The reason I want to do this is to examine all traffic with my IPS sensor to/from my databases. Is it a "best practice" to do this? TIA

Resolved! NAC managed subnets

Hi, I am implementing NAS OOB,L3,RIP. we are using multiple sites with different subets over MPLS. for managed subnets configuration, do I need to enter all subnets from all remote location to the NAM? If you explain little more about managed subnets...

DNS rewite and overloaded NAT

We have a PIX515. On the inside is a mail server and clients. We have a dynamic NAT to the outside address overloaded by a static on port 25 for inbound mail. On the DMZ is a Web server that has a dynamic NAT to the same outside address plus overload...

Network Security

Forum Posts

Firewall Migration Tool v7.0.0.1 now live!

2 site-site VPNS, PING behaves differently

Resolved! IPS 4260 failover

ASA WCCP multipkle service groups same interface

Resolved! IPS 4260 sensor - NIC ports

IPS-SSM password recovery

Blacklist netmask: ASA5510 botnet filter

Incoming traffic one interface and users outgoing on another using PIX 515

Cisco VPN Client to Linux

DMVPN_ is it possible to have dynamic public IP address at the HUB

FWSM with HSRP on 6513 Core switch

telnet/ssh over a Site2site VPN

IPS Speed & Duplex settings

design question - AIP-SSM-10 in front of DB

Resolved! NAC managed subnets

DNS rewite and overloaded NAT

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

FTD reboots and the active firewall losts all of the User ID entries

ASA AD LDAP Authorization belonging to multiple groups

Ansible with FTD_FMC 7.6

Cisco FTD workaround for SSE connector failure stumbled on rights priv

Assigning an EtherChannel Subinterface to an Instance via FMC API

FirePower onboarding to FMC first policy deployment failure

Questions around Dynamic Attributes Connector - FMC integrated

FTD not backing up config to remote server

Factory-reset FTD 1120 "application installation failed. Launching.."

IPSec VPN between C.2811 and Firepower with only Real IP addresses