Network Security

Resolved! ASA 5520

I have an ASA 5520 and the senior engineer wants me to make a login account through CLI that the helpdesk can use just to view but not make any changes.Can i do this or do i have to use the ASDM software.Thanks in advance and have a great day

Pix 515E 6.3 with two ISP

Hi,I have a Pix515E with 6.3 images. I want to connect two ISP with that PIX, at my PIX default route is specified towards the ISP1 and as per the policy I can not put default route at PIX and at the same time my client should get the internet.Suppos...

ASA Client VPN no translation group problem

I have a client VPN setup on ASA 5520 code 8.0, which connects okay and I am able to ping VPN devices from my local LAN. However I cannot ping the local LAN from the VPN devices themselves. The ASA reports that No translation group can be found in th...

Resolved! asa lan failover best practise with failover link instability

Hi, I'd like to modify default parameter to avoid fast failover events, in case of failover link instability.I prefer to delay the failover switch rather than two asa active .Is there a solution to avoid the 2 asa active state on the same time ?thank...

ASA5505 with two ISP, can I load balance VPN?

HiI've got a site running on an ASA5505 with a single internet connection and a single VPN tunnel back to the head office ASA5510. This site is trying to improve their available bandwidth as well as network stability. Is it possible to setup this ...

Deny HTTPS "CONNECT" to ip-base url @ ASA/FWSM

Dear All,we are having problem as end users have a lot of spyware/walware and have illegal proxy install in the lan.One of the idea is to deny HTTPS or "CONNECT" type http, at the "inside fwsm/asa" to any ip-base url destination. Since the ip-base ur...

ASA active-standby peferred active

Hello I have two ASA 5510 in active standby configuration and it workes quite fine. When a failover occures, the secondary unit keeps active, even if the primary is healthy again. Is it possible, to *automatically* make the primary the active one, if...

Resolved! Log Access List - External syslog

Hi All,Has anyone ever setup their ASA to log to an external server what traffic is going flowing thorough access-lists?I dont want to have to analyse the traffic with capture as i would prefer to let the logs build up over a couple of weeks. I want...

Quick question - CSA agent 6.0.0.220

Will the CSA agent 6.0.0.220 work with Linux 32 bit and 64 bit Kernels??

Site to Site Doc Clarification, please

In the following doc:http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/5505GSG.pdfPage 150 is not clear. In the example, they have test for local networks and 209.165.200.225 for remote. I am not sure what is tes...

Multiple Outside IP Addresses on ASA

I seem to recall having some issues with this a while back (like 5 years ago) and am curious if this is still an obstacle when configure on a ASA 5520.The ISP has given me a block of 8 IP addresses. Is there any trouble with PATing the IP addresses ...

basic multicasting through 5505 7.2 - routed

what basic requirements are needed to allow multicast traffic through a routed(not transparent) 5505?outside users (source) are accessing inside (destination) server running multicast application.FYI, server's inside IP address uses a public IP (not ...

IP address for AIM-IPS-K9 Sensor

I am trying to configure an IPS sensor for the first time and need to configure an IP address. I am confused about what IP address to use. I am probably over thinking this, but does the sensor get an IP address in the same range as the GI0/1 IP add...

Resolved! Can't access FTP server over Internet through ASA

Hi,This was all working so I'm not sure what has changed.We have a windows 2003 FTP server that we can access internally fine. Usually we can access over the Internet using it's public IP, but it has stopped working.I have the following rules:access...

ASA - Port based NAT'ing of outside source addresses

I am in the process of migrating web services from Checkpoint to ASA. Can I NAT the source address of incoming packets destined for a web server on port 80? The intent here is to be able to migrate a webserver at a time. NAT'ing of the source addr...

Network Security

Forum Posts

Resolved! ASA 5520

Pix 515E 6.3 with two ISP

ASA Client VPN no translation group problem

Resolved! asa lan failover best practise with failover link instability

ASA5505 with two ISP, can I load balance VPN?

Deny HTTPS "CONNECT" to ip-base url @ ASA/FWSM

ASA active-standby peferred active

Resolved! Log Access List - External syslog

Quick question - CSA agent 6.0.0.220

Site to Site Doc Clarification, please

Multiple Outside IP Addresses on ASA

basic multicasting through 5505 7.2 - routed

IP address for AIM-IPS-K9 Sensor

Resolved! Can't access FTP server over Internet through ASA

ASA - Port based NAT'ing of outside source addresses

Reuse Object Group in a single ACL line

CSCwm49782 - enhance sma 2nd cruz heartbeat logging

FMC 7.4 and multi-instance FPR3130 chassis upgrades

Announcing the release of Firewall Migration Tool Version 7.7.10

CSCvx25052 - DOC: FTD Syslog messages 43000x missing from FMC

ACME on ASA

Snort3 rate filter

PBR with AnyConnect

FMC: Automatic renew certificates?

Finding the forgotten IP address of a Cisco PIX 506E