Network Security

Sensor blocking feature

If i already use ACL on router interface and then should i do about the Pre-Block ACL and Post-Block ACL?what router will do the Existing ACL on the Interface?And the name of the ACL used on the router must be in form only?

Resolved! Bridging FWSM VLAN via IDSM

I have briged the FWSM VLANs ( named DMZ,DMZ-BRIDGE) via the IDSM. However, on the 'show failover' on FWSM the server VLAN shows as 'No Link/Unknown'. Is it because there is no IP assigned. Is it the right status/configuration. Do I need to assign an...

Resolved! Cisco ASA virtual NAT

Hi ,I have a question about ASA which i happen to come across Is it not possible to NAT with logical IP addresses or IP addresses for which physical interfaces are not configred on the ASA.If not then how can i NAT for multiple IP pools of my ISP f...

ASA5510, communication across DMZs

I have two DMZsDMZ1192.168.1.1security level 10DMZ2 192.168.2.1security level 5If I want the lower level to be able to communicate with the higher level DMZ:static (DMZ1,DMZ2) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0access-group dmz_allowed ...

Inside to Ouside unable to ping

Hi ,I am using pix515e.I am unable to ping from Inside server to Outside interface but from pix i am able to ping the outside.interface Ethernet0 nameif Outside security-level 0 ip address x.x.x.x 255.255.255.224!interface Ethernet1 nameif Inside se...

NAC FRAMEWORK and Clean Access

could anyone please tell me whether cisco supports both of these now

Routing protocol option in DMPVPN

Hi,We have three sites all connected via MPLS running BGP.We are planning to use DMVPN over MPLS for all the above three sites.We want to have hub & spoke topology.We wanted to decide on the routing protocol to be used within the DMVPN tunnel.We want...

IPS AIP-SM-10 Auto Upgrade Question

Hi all,I'm very new into the IPS configuration.When i enable the auto update form cisco, do i still need to configure the sensor? Are the package files (.pkg) automatically applied to the sensor and capturing/blocking mailicious traffic ?Thanks

Resolved! Configuring secure remote access to ASA

We have IPSEC access to the ASA. The users authenticate using username and password. HTTPS has also been enabled on the ASA. We would like to limit remote management access to the ASA. 1)Are the following configurations accurate?hostname(config)#ssh...

Unable to resolve machine names - Anyconnect

We have an ASA5505 configured for client and clientless VPN access. When using the AnyConnect VPN client, we are unable to resolve machine names without having to fully qualify the domain. For example, instead of specifying exchange we must specify e...

EPRT Request - Any thoughts or suggestions would be apprecaited.

We are using an ASA 5505 in a small office LAN environment. When we try to run the update process on a postage machine (the machine connects to an ftp server to download updates) the process always times out with 0% transfered. I set a capture on t...

Resolved! Password on the ASA5505 console port?

Is it possible to password the console port on a ASA5505 so anyone plugging into it doesnt even get the > prompt without supplying a password? Kind of like putting a password on "line con 0" in IOS.I have a bunch of these 5505's I am sending out to ...

Resolved! Access external Static destined to DMZ from Inside Interface

Hello All:I did a search for past responses but nothing gave a definate response. I was hoping someone could enlighten me with a push in the right direction to getting the proper config for this scenario.I have a test lab, there is a single ASA 5510...

Resolved! vpn default 3 login per account ?

I use a external AD database for vpn authentication login.I just noticed by default, asa only allow 3 simultaneous login per account. I tried to login vpn using multiple PCs with same username, but only can login with 3 PCs, as long as I tried fourth...

How to do souce address NAT

hi, Could you please let me know how to do source address NAT'ing on FWSM.Source IP: 1.1.1.1Ingress interface: DMZ1Ingress subnet: 1.1.1.0/24Egress interface: DMZ2Egress subnet: 2.2.2.0/24The Source IP 1.1.1.1 initiated from DMZ1 should be natted to ...

Network Security

Forum Posts

Sensor blocking feature

Resolved! Bridging FWSM VLAN via IDSM

Resolved! Cisco ASA virtual NAT

ASA5510, communication across DMZs

Inside to Ouside unable to ping

NAC FRAMEWORK and Clean Access

Routing protocol option in DMPVPN

IPS AIP-SM-10 Auto Upgrade Question

Resolved! Configuring secure remote access to ASA

Unable to resolve machine names - Anyconnect

EPRT Request - Any thoughts or suggestions would be apprecaited.

Resolved! Password on the ASA5505 console port?

Resolved! Access external Static destined to DMZ from Inside Interface

Resolved! vpn default 3 login per account ?

How to do souce address NAT

Congratulations to the July 2023 Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

FMC RAVPN with LDAP and ISE user identity

FPR2110 FDM license communication failed.

Application Filtering for Office365

"Failed" successful CSM policy deployments to single ASA context

Multiple Port Channels using same VLANS? FP1010

Cisco ASA FTD br1 management interface

ASA 5505 no internet access from LAN

How to Generate and Install SAN Cert in ASA

Activate license on ESA-C190-K9

FPR 1140 Upgrade Failed - No GUI