Network Security

Cons of VPN hairpinning?

I currently have an ASA providing VPN access into our network. We want to enable client to client communication that looks like it will require that we set up hairpinning via the "same-security-traffic permit intra-interface" command. My boss would l...

Site-to-Site VPN between Routed and Transparent mode ASA firewall

I have ASA firewall with route mode at Main-site and Transparent mode at the remote site, is it possible to configure Site-to-Site VPN connections between these firewalls.

Resolved! Creating CA server Locally in Cisco ASA

HiCan anyone tell me the procedure to create CA server locally in cisco ASA and procedure for publishing it so that VPN user can import it on to the cisco VPN client rather than using any external CA server like from Microsoft CA.I have followed this...

Promoting Secondary/Active to Primary/Active

Hello,I've currently got a single firewall running as Secondary/Active. The Primary firewall is offline. Here is my question:If I change the Secondary/Active firewall to Primary/Active will it do any of the following:1) Create a fail over event?2) Wi...

Resolved! WEBVPN and AD group membership

I desperately need some advice with my WEBVPN authentication design. How would I restrict specific users to only connect to certain connection profile Aliases?For instance. lets say I have GROUP A, GROUP B, and GROUP C as aliases, available on the d...

NAC: OOB --VLAN does not change when user logs out.

I have been experimenting with NAC appliance on a small test network for a little while. I have an OOB Virtual gateway scenario using the Clean Access Agent to perform a very basic AV install and definition check. I am authenticating to a Local DB ...

VPN client

Dear all, i have VPN configuration on PIX.when i logged on with mssvpn group, i cn't ping or access any thing on my network.

Individual Admin Contexts on Active/Active pair...

Quick question:Customer is building a management network within the overall data network. Customer has a pair of ASA's doing Active/Active multi-context with IPS modules. These ASA's are located in two different data centers served by two different s...

PDM location?

When I enabled PDM (so I can manage this guy via web), I noticed it keeps adding "PDM location" for every subnet/host/node etc to my ACLs. How do I stop it from doing that?Example:pdm location 10.10.10.2 255.255.255.255 insidepdm location 20.20.20.1 ...

Management interface

All,What are the pros and cons of using a dedicated management interface for an ASA?Thanks,John

Resolved! IDSM-2 Throughput in Bypass Mode?

HI,i cisco documentation idsm-2 has 500Mbps throughput in inline mode and 600Mbps throughput in passive.so suppose that our idam-2 is in inline mode,then if we put our idsm-2 in Bypass mode,how much traffic idsm-2 can handle without any inspection?(t...

Resolved! IPS Automatic update

I configured Automatic update from Cisco.com on the IPS-SSM-20 and I have a question about how updates work. Updates are related to the Engine and the Signature only, is that correct ?In case that a new signature is posted on Cisco.com does the autom...