Network Security

Managing 5520 Failover Cluster

Hi,I've configured a active/passive cluster with a couple of 5520s. When making changes to the cluster, I don't worry about primary/secondary or active/standby, I simply use the ip address of the active ASA.Is this ok/normal/best practice? Does it ma...

Remote access and site to site on the same ASA

I am using an ASA 5510 for both remote access and site to site VPN. Is there a way for the remote access clients to access the remote sites via the site to site tunnels? I have included the IP address range of the remote access clients in the crypt...

ASA 5505 - Dynamic Access Lists (Lock and Key)

Hello All,I have an ASA5505 appliance and want to create a dynamic access list like in this example (http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scflock.html)But I can't figure out how to do it on my ASA.Basically I want the...

ASA5505 QoS for Voice using EZVPN

My customer has a 5505 at home that is using EZVPN back to a 5510 head end. Behind the 5505 he has a laptop and a Cisco 'Soft' phone installed upon it. He can make calls but is getting only one way audio. People can hear him but he cannot hear any...

WEBVPN/SSL VPN doesn't work over WLANs

Hi,Please can someone help me establish why only wired connections (outside the network/over the internet) are able to connect to SSL VPN?If I use a wifi connection at any location outside of my network, then I cannot connect to my SSL VPN. I can on...

ASA config HELP

how do I configure the following ACL on the ASA.Program: EmployerCDROM.exe Address: 127.0.0.1Port: 46720Direction: InboundProgram: EmployerCDROM.exe Address: secure.gateway.gov.uk Port: 443(HTTPS) ...

Syncing Pub-keys to Standby-Unit

Hello,we're running a Pix 515E-Pair with Version 7.0.4 in Active-Standby-Mode. After a Crash and resetting the Standby-Unit, the Unit does not receive the whole Configuration, the Public-keys are missing! Is it possible to export the Keys manually to...

ASA config help - DNS

Hello. I recently replaced a router with an ASA 5505. The router was set-up as the primary dns server:ip dns serverip dns primary [url] soa [url]Is there a way to replicate this on the ASA?

sweep signatures and summarization

Hello, everybody!I try to use summarization for sweep-engine signatures. I use for my test signature 2100 "ICMP Network Sweep w/ECHO". I set unique parameter to 10 and Summary mode to "Fire All" with Summary Threshold set to 3. After that I made simp...

Resolved! Order of operations

Can anyone point to a list of traffic flow order or order of operations doco for the ASA 7.2.xI only seem to be able to find one that relates to IOS CBAC.I'm trying to answer a client's question (reference needed): Will Inbound encrypted communicatio...

Resolved! Unable to load IOS on ASA through ROMMON mode

Hi, I am unable to install an IOS on my Firewall (ASA5520) through tftp in ROMMON mode after repeated attempts. When i restarted my Firewall i got the message "Checksum verification on compression loader failed". I thought that my IOS File was corrup...

How to force ASA to use udp/4500 all the time?

Hi all, I just want to know how to force ASA use udp/4500 as a phase-II of IPSec VPN all the time. How to disable Automatic NAT Detection features? Toshi

ASA CPU Peaks

Two questions really.Q1. What is a safe peak for a cluster (Active/Standby) pair of ASA 5520's?During different times of the day, I can see major peaks that push the ASA cluster into the high 80's and low 90% utilization.Q2. To combat these peaks, I'...

Firewall and OSPF - Passive interfaces??

I have a pair of ASA5550 with OSPF enabled on the outside interfaces with our internet routers. Firewalls get the candidate default route from the internet routers.Anyway, when I do a "sh ospf interface" all interfaces are listed under area0..it sh...

Resolved! Upgrading PIX

HiI have a PIX 515E that i have to upgradecurrently it's running 6.3(5)and i'm going to 8.0(4)28,what i wanted to know is do i have to upgrade to 7 before i can upgrade to 8.Or can i go directly to version 8

Network Security

Forum Posts

Managing 5520 Failover Cluster

Remote access and site to site on the same ASA

ASA 5505 - Dynamic Access Lists (Lock and Key)

ASA5505 QoS for Voice using EZVPN

WEBVPN/SSL VPN doesn't work over WLANs

ASA config HELP

Syncing Pub-keys to Standby-Unit

ASA config help - DNS

sweep signatures and summarization

Resolved! Order of operations

Resolved! Unable to load IOS on ASA through ROMMON mode

How to force ASA to use udp/4500 all the time?

ASA CPU Peaks

Firewall and OSPF - Passive interfaces??

Resolved! Upgrading PIX

Unable to edit and save a text object

CSCwo71835 - The NAS-IP-Address attribute is missing

FMC API to get real time VPN/S2S tunnel and CPU/Memory perf metrics

Firepower 2130 -how to resolve plugin 70658 SSH Server CBC Mode Cipher

Yubikey for authentication to protected applications on FTD

SSH with X509v3 certificates

FPR‑4145 EOL/EOS ?

Firepower 4125 - how to resolve plugin 157288,

Cisco FMC QoS filtered by application

Disable checking of SIP traffic on FTD via FMC