I have a cisco pix 525 v6.3 with UR license (and another with an FO license). Currently they have 2 gig ints, and 6 Fa ints. Normally the sh ver shows me max physical int = 8 and max int = 12. But I want to make sure from you guys the following: ...
Dear All,I am working on a 515e with the following interfaces:nameif ethernet0 outside security0nameif ethernet1 inside security100nameif ethernet2 dmz security4nameif ethernet3 webside security6nameif ethernet4 backweb security8nameif ethernet5 bakw...
I have an ISS IPS that I would like to put inline in front of my FWSM. This should be straight forward, but I want to use transit VLANs instead of physical connections. My question is can this be done? If it can, how would I do it? I have accompl...
I can't figure out how to configure NAT properly.I want incoming http requests on interface outside to be forwarded to host 192.168.3.2 on interface dmz. But everything gets denied. Is this a NAT problem or an ACL problem?The outside interface is 192...
Does anyone know how to trouble-shoot state condition false positives.I can't see to find in the logs what is doing this ?----------------------------------------Hosts in state condition Unprotected access detected
I want to have our 5510 detect when we are getting a dictionary attack on our FTP server. Do I need the IPS module in order to this or can this be done on the base unit as well?Thank you.
Hi All, We are trying to deploy IDSM2, which is acting in promiscous mode at this moment to act as inline ..We are understanding that, there are couple of methods by which we can deploy that,one by making interface pair config and other in vlan pair...
I am setting up 2 redundant 5520's in failover mode to replace a Checkpoint FW. The new ASA's have 4 Gig and 1 fast ehternet interfaces to use. I need to establish 2 DMZ's, 2 outside connections, and obviously 1 inside interface. Since one interfa...
I have to create a Poison Pill where CSA can essentially disable a system to the point that it is unusable and not recoverable. I know there are several rules that can possibly do this by themselves, but I was wondering what would be the most effecti...
is there a command you can use when logged in using the service account to stop and start the ips processes. I'd like to try that before having to reboot the device. It currently shows the MainApp as not running
I am using SDM for the first time to set up a 871 router. There is a predfined policy that just seems counter intuitive. It is found in the Firewall and ACL section and is called sdm-permit. It is applied from the out-zone to self. This is the con...
I want to backup ASA configuration automatically, for example, once a day.I guess, I should use something like passwordless ssh to my ASA and run something like "save config and scp it to remote linux serer".Is there some article/howto that can help ...
Our ISP gave us a range of real internet ip address (10.1.1.1 to 10.1.1.15 for example). We have domain names registered to some of the ip addresses (ie www.webserver1.com -> 10.1.1.1, www.webserver2.com -> 10.1.1.2, etc).My outside interface on the...
