Network Security

Hello,one silly question - is it possible to specify DNS name in ACL on ASA? e.g. access-list ACL-TEST extended permit tcp any host www.example.com eq sshIf it is not possible - any plans to add that feature? Can be really useful for outbound restric...

This morning I had a ASA5540 crash - it suddenly froze, I lost contact, and then it rebooted itself. It lost contact with its mate and consequently the secondary failed over and is now active. Now it's back up put when ping to the inside interface (o...

Does nac appliance uses a systeme of self protection?

hi,if i have a Pix in center of two 2950 and i have to make a trunk between my two 2950.Whether PIx will pass VTp information.

I have a VLAN configured and trying to connect my other 2 locations that are using a VPN. This is what I'm thinking I need to do.Ex:HQ VLANs{PIX}route in 0 0 [Public]route in 192.168.1.0 255.255.255.0 192.168.5.23550 fa0/1 - 192.168.5.1/30 -> 192.168...

Hi allI want to know if it's possible (see attachment for detail) to manage multiple subnet within a Layer 3 switch (3750) through a ASA5520 with 802.1Q tagging.Refering to jpg file; the SQL and ACS subnet are only define in the layer 3 switch The D...

Dear all,I setup the remote accesss vpn using active directory ldap, kerbi for authen and authro. It is works well but i am facing frequebt tunnel disconnections.Syslog shows that the clock setting bet AD server and ASA 10 minites different. After se...

... or sometimes after a while; it started a couple of days ago, 8.0.3 installed on December.First thing I presumed was a defective power supply so I opened the case and checked all connectors to see if they were properly fit etc.question is:I see a ...

Hi, how can I configure one-on-one "IP shift" NATting on PIX/ASA ? For example 202.100.1.16/28 <-> 192.168.2.32/28. So a.a.a.17 <-> b.b.b.33...a.a.a.19 <-> b.b.b.35...Can I code like this? I don't have the appliance to verify, anybody can confirm it...

Hi,Any chance anyone knows the specific MIB's for an ASA 5520 and 2821 ISR?Finding it difficult to track down the exact ones I needhttp://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&step=2Thanks,Denis

I have 4 - 871's running 12.4(T8) that connect to an ASA running 8.x code utilizing EasyVPN. The problem is that 2 of the 871's connect and pass traffic without issue but the other 2 connect only for about 5 minutes. The configuration are all the s...

I am trying to allow SMTP through a PIX 525 running ver 7.2(2). When the banner comes back to the server it is 2's and astericks (*). I have done the "no inspection esmtp" commmand in the global policy, so that should turn off the inspection. However...

I'm setting up a new ACL on our PIX firewall (running version 7.x) to block FTP. Someone asked if I could enable FTP downloading for some machines but prevent from uploading. Is that possible? What would the ACL look like?