Network Security

I have had a good look on CCO and it seems that if the pair of PIX firewalls are less than 6-feet apart then use the serial-based failover. Since the ASA doesn't have this capability is this still the recommended way to deploy a failover pair of 515...

Hi--First time poster so please go easy... I'm having what I think is an issue with my ASA config. I'm trying to add a DMZ and its not working. My network is somewhat unique in that I have a requirement to use all public IPs for all interfaces. so no...

I enabled smart tunnels for RDP usage, I also turned on auto start for the smart tunnel. My problem is if my users don't click on the logout button on the web page when they are finished , (they just "x" out of the browser), the tunnel stays up. ...

I have a user who keeps losing her connections. After several trouble-shooting attempts, I uninstalled, shut down then reinstalled the VPN client. We have several connection points and she can only connect to one of them. After I reinstalled the VPN ...

Hi, How to test an IPS.Is there a tool that can help us to test that all rules in the IPS work normaly.Best regards,Antra

Hi all, soes anyone know the message ID for syslog, that is created when someone connects remotley to my asa using vpn client?cheers

I have setup a L2L VPN for a customer in which the vendor requires their IPs to be natted when they come across. So, I have setup policy nat on their pix for the L2L VPN. Here is a snip of the NAT config: access-list nat-to-vendor permit ip 192.168...

Can I upgrade a failover pair from 7.0(1) to 7.2(4) directly without having to upgrade to a 7.1 version first? These are being done on a 515-E pair, can this still be done with a zero downtime upgrade?

Dear ALL,I've implemented a test configuration like cisco document ID 82020, but a single Lan-to-Lan and a remote VPN access. Lan-to-Lan behaviour is ok and remote access seems to be running within the first lan, but if I try to ping hosts on withind...

Hi, I have three policies (see below)which make up a crypto map policy on a security device. How does policy 10 match traffic if there is no "match address" statement? This is the peer I wish to edit but don't know how it is matching? Is there a defa...

Can anyone help? I am unable to access the management interface of my ASA unless I am in the same subnet. There does not seem to be any way to give it a gateway address. So I have to manage the ASA inband via the inside interface.The interface config...

Hi all.We have several remote sites, connecting to headcuarters over IPSEC vpn to a Concentrator 3560.The concentrator have a public ip, and the internal interface is on a DMZ firewall.We need to tunneling all remote sites traffic including internet ...

We are switching providers & need to know if I can route/NAT both providers at the same time. By having both providers connected on different interfaces it would give me the ability to test the new ISP & would give me the flexibility to make changes ...