Network Security

Hi All,Hope you can help me with my little problem. I am new to Cisco and I started to configure my Cisco ASA but I am unable to ping External interface address from Internal hosts.What I wanna do is to nat internal address with the external interfac...

Hi all,Basic questions before the details: Does an explicit deny on an ASA 5510 7.2(2) send a RST packet back to a SYN scanner? Why does it not just drop the packet? Can I make it do so? Do I understand what I'm doing? :)Details: Got a client running...

I figure it's not possible but I'm asking anyway, is it possible that when a standby unit takes over and the active becomes available for the active to somehow preempt the standby and take over in a similar fashion to HSRP?

Dear All,I connected one IPS (4240) inline between 2 Firewalls and 2 DMZ switches as following;FW1 e1---IPS 0/1, FW2 e1---IPS 0/3,DMZ1 Switch1 fa0/1---IPS 0/0, DMZ2 Switch2 fa0/1---IPS 0/2.I made 2 Pairs;PAIR 1: Gig 0/0,0/1, PAIR 2: Gig 0/2,0/3.I as...

Hi all,There's something wrong with my NAT rules, this much I know, but rather than bang my head against a wall, could someone throw a light on what i've done wrong here?It's a mix of sdm and sample configs that has got me to this point. The VPN clie...

Hello all, thank you in advance for any and all suggestionsI have inherited a network with redundant 6509 "DMZ" switches with a single FWSM installed in each - routed, single context, in failover configuration. Each FWSM has multiple VLAN interfaces...

I've got a 5505 for use as a transparent firewall. As I understand it, I can only have an inside and outside interface. I have 4 servers to protect, 2 of them share the same ip range as the the subnet they will be plugging into, however there are 2 o...

Hi there,I upgraded our PIX from 6.3(2) to 6.3(5). The upgrade went fine and everything seems to be working.But we are discovering very slow internet connection now. Especially http traffic is very slow and doesn't work correctly. Did Cisco do some ...

All,If I have some networks:10.125.0.010.126.0.010.127.0.010.128.0.010.129.0.010.130.0.0Would it be "safe" to create statics likestatic (inside,dmz1) 10.124.0.0 10.124.0.0 netmask 255.252.0.0static (inside,dmz1) 10.128.0.0 10.128.0.0 netmask 255.252....

We have two VPN Concentrators 3005 (rel. 4.7.1). We set them up as Load Balancing. We are running VPN Client 5.0.3. For some reasons, the VPN client gets disconnected every hour. It said "Secure VPN connection terminated locally by the client. R...

Hi All, I have a DMVPN network up and running.... I need to add configuration for VPN clients...I am attaching my working DMVPN configuration and the additional commands that I've added to try to make the VPN clients work.... (not working so far).My ...

Hello,I got a question regarding a PIX506 with Site-to-Site VPN and TWO IP-Networks on the inside.Currently I got a PIX 506 running with ONE IP-Network (172.16.200.0/24) on the inside and several Site-to-site VPN-Connections on the PIX. The Remote-Si...

More of a sanity check question than anything else:Does the "packets dropped" counter on an ASA firewall interface include just interface drops or does it include ACL rule drops in the count?Ex: Traffic Statistics for "int foo": 576675535 pack...

Greetings, All.Due to a *very* stringent security policy, the users behind a specific ASA 5505 (v 8.04) will only be allowed to access a limited number of web sites. For simplicities sake, let's just say they can only access www.espn.com and www.yaho...

Hi Folks,I am considering deploying a fail-over firewall pair to include IPS modules on a private network. My hardware is provided through a channel partner; maintenance is provided by another entity - so I don't have direct sight of any support cont...