Network Security

I have ASA 5520 with 3 interfaces: inside, outside and dmz. I have a router on the outside with lo 0 192.168.252.6, which I cannot ping from the dmz. I do have a static translation dmz, outside. The route is also there in the ASA to reach the lo 0. I...

Recently I experienced an issue with an ACL where the ASA denied traffic where there was an explicit allow statement properly placed in the list.This happened after some changes to the list were made. A few entries were marked inactive and a few were...

Not sure what is needed to fix this but i have an ASA 5520 with 2 interfaces. 1 dmz and 1 outside.I'm using the ASA for both firewall and VPN but the problem occurs when people internally try to test the VPN portion and it directs them to the public...

Hi folks.I'm tinkering around with threat-detection and in the docs (http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html)it states:To view the top 10 ACEs that match packets, including both permit and deny ACEs., use t...

Hi,The tunnel connects and I am able to grab an IP address from the correct range. However, I am not able to pass traffic between the tunnel (192.168.5.0) and the DMZ interface/network (192.168.4.0).What piece or pieces am I missing from my configur...

Hi, I was wondering if the PIX 525 and the ASA5520 are configured using IOS? Just curious if it is GUI based or CLI based basically. Thanks for your help.

I'm switching my remote PIX 501's from dhcpd to dhcprelay so I can hand out IPs from my central W2K3 DHCP server. The 1st and 3rd conversions have worked well, but my 2nd doesn't work for some reason (I've duplicated the configs as much as possible)...

Hello, I was wondering, is it possible to explicitly set the IKE SA policy through the tunnel group settings? My understanding is the first isakmp policy that matches on both ends is the selected one. I want to make sure the SA settings I gave to the...

Hi,I was able to setup our ASA5505. Internet modem connected to firewall (outside) and used one port for the modem and another port (outside) for the web server LAN card. The internet is passing ok from internet to our web server (second NIC of serve...

Hi Guys,This is a little bit of an odd request however I need to allow a sync routing due to some legacy routing to pass through my ASA.I have allowed IP any any between the particular hosts involved to allow for high ports etc.. However the ASA is t...

We recently converted our LAN-to-LAN VPN's from Cisco 3005 VPN concentrators to ASA 5510's. Everything is working correctly, except for one thing.On the remote end of the tunnel, we have a Xyplex Terminal Server. When the tunnels were on the 3005's...

Hey guys,I just upgraded my ASA 5510 to 7.2.4 and all went good. However, I havent done anything with regards to the SDM.... do I need to download the latest files for this too?what will be a great link to follow on how to properly upgrade the IOS on...

Hello, I am looking for a way to replicate running configuration on a secondary PIX 525 connected with a failover serial cable, yesterday, primary PIX crashed and the secondary was active but running configuration was too old, and except doing someti...