Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

Setting up ACL on PIX 515e

Hi All, We now have people accesing our network over the VPN. I need to set up an ACL to only allow the VPN Users to certain servers. I am new to pix but do have gui access so am hoping that may be easier.If someone could point me in the right direct...

Resolved! -- asa5510, set of public ip

Hi all,Today, my ASA5510 outside interface have the ISP IP (from DHCP aaa.bbb.50.144).I do use NAT to access a web server in a DMZ ("static (dmz,outside) interface 172.16.1.80 netmask 255.255.255.255") from the outside interface.Tomorrow, we will hav...

ASA 5510 - Outboud traffic doesn't come back in

Greetings friends.I've got an 5510 setup for internet (static). The appliance builds the connection, tears it down, no errors.Problem I'm having is, no one can get access. I can ping and traceroute fine from the ASA to the 'net. I have a rule allo...

asa 5510 - web server access from outside

Hi all,I am a fresh cisco user, i am trying to configure a cisco asa 5510 with the ASDM GUI. Actually, Eth0 is set as Outside interface (DHCP, fixed ISP Public IP) and Eth1 as DMZ interface with a Web server (ip 172.16.1.80) behind.And i don't find h...

Resolved! IDSM-2 Inline mode

Hi,I am working with the IDSM-2, We have Cisco 6509 with CSM & FWSM, We are planning IDSM-2 in Inline mode and now i want to monitor the traffic which is coming through Outside Interface of the FW context ( Which is nothing but a VLAN A, VLAN B, Vlan...

Interface as a DHCP client

Hey Folks,I've set up my outside vlan as so:interface Vlan2 nameif outside security-level 0 ip address dhcp setrouteI need to release the IP address that that interface got dynamicly from the ISP. Kinda like doing a "ipconfig /release" on a windows ...

NAC on thin clients (diskless)

How can we use NAC on thin clients.

Resolved! ASA 5505 ACL help

I am configuring my first ASA and have not been able to figure out to to limit access to a few subnets and sites on the internet.I would like to only allow access to two internal nets10.10.23.128 255.255.255.12810.10.26.0 255.255.255.128a single woul...

ACLs on Cisco 2600

Hello -I have a 2600 router that separates two networks and I need to setup an ACL to allow traffic from 192.168.1.0/24 to two IP Addresses, 10.13.3.10 and 10.3.10.2. The rest of the network should be accessible from the 192.168.1.x net.

help fine-tuning new signatures

Could anyone please help. I recently installed a PIX 5520 with AIP-SSM-10. I can manage the sensor just fine and am using "configuring Cisco IPS using CLI 6.0" as a reference. I recently downloaded new signatures as sig1 on my sensor. when I enable...

ASA v8.03(12) and FTP

My customer recently tried to upgrade their ASA5520 to ASA 8.03(12). When they did that, all FTP through the firewall ceased to function.Is there a fix or a workaround for this?

Hub/Spoke Forcing Spoke Internet Traffic thru Tunnel?

I am having some trouble getting this tested in the lab. Essentially I have two PIX 506e setup, one pretending to be the hub, and the other a spoke (outside interfaces on the same network) with a working tunnel between them. I could ping across the...

Using blocking on our IPS Sensor

I currently have a Cisco IPS 4240 employed inline in my Customers Network. It is inside of the border Router, and in front of the Outside Firewall which protects the DMZ.the IPS is already configured to block certain types of packets inline. I was ...

Resolved! 515E Active Active or Active Standby Failover VPN?

I am looking to do failover with two Pix 515E devices and looking at the advantages and disadvantages for Active Active and Active Standby. I see Active Active lists as not supporting VPN because of the multiple contexts. Is this just referring to ...

"SQL Query in HTTP Request" (5474:0)

Hi,The IDS signature "SQL Query in HTTP Request" (5474:0) does not recognize all malicious SQL selects. Currently, the reg exp looks like [%]20|[=]|[+])[Ss][Ee][Ll][Ee][Cc][Tt]([%]20|[+])[^\r\n\x00-\x19\x7F-\xFF]+([%]20|[+])[Ff][Rr][Oo][Mm]([%]20|[+]...

Network Security

Forum Posts

Firewall Migration Tool v7.0.0.1 now live!

Setting up ACL on PIX 515e

Resolved! -- asa5510, set of public ip

ASA 5510 - Outboud traffic doesn't come back in

asa 5510 - web server access from outside

Resolved! IDSM-2 Inline mode

Interface as a DHCP client

NAC on thin clients (diskless)

Resolved! ASA 5505 ACL help

ACLs on Cisco 2600

help fine-tuning new signatures

ASA v8.03(12) and FTP

Hub/Spoke Forcing Spoke Internet Traffic thru Tunnel?

Using blocking on our IPS Sensor

Resolved! 515E Active Active or Active Standby Failover VPN?

"SQL Query in HTTP Request" (5474:0)

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Change IPS and AMP Policies to enforcement mode

Problem with ssl decrypt-resign on Cisco Sefure Firewall

FTD reboots and the active firewall losts all of the User ID entries

ASA AD LDAP Authorization belonging to multiple groups

Cisco FTD workaround for SSE connector failure stumbled on rights priv

Cisco ASA Default route preference

Migrate cisco FTD from series 2000 to series 3000

ACL on VTY Line Blocks All Connections

ASA Help With NAT for Printer

Does the FMT overwrite all FTD configuration if only selecting NAT