I have ACLs blocking most P2Ps on our edge rtrs. But they still coming in...can anyone post their P2P ACLs...I just want to compare with what I have. How about NBAR? How reliable is it running in a large network? TXAlex
I have two ASA 5520's setup in an active standby configuration. Each pix is configured with a inside and outside interface. I am also using the other two interfaces for the failover, and stateful pair. These firewall's are directly plugged into each ...
Hi, I'm trying to replace my PIX505E with the new ASA5505; I have a single public global IP address and I'm currently using some PATS in order to allow some external access to some services provided by "internal" hosts. I also allow VPN connections o...
Hi All,Sorry for the off-topic but I come froma Unix environment so I am more familiar with SSH than Microsoft Remote Desktop Protocol (RDP).I noticed that with Win2003 Service Pack 1, Microsoft Windows 2003 RDP supports RDP with FIPs compliant. Doe...
Forgive me if this get confusing.I have a new ASA 5510, I have set it up for VPN use. I can vpn via IPSEC and connect to 2 of my subnets .0 and .64 (we have 4 subnets in our range) I can ping, http(s), connect to shares, SSH etc. I am using th...
I currently am NAT'ing all RFC-1918 addresses out the firewall to the Internet. However, I want outgoing mail to appear to originate from a different IP.So, 10.0.0.1 NATs out as 1.1.1.5010.0.0.2 (a mail server) should browse Internet appearing to be...
We've got a small company with about 50 employees. Currently we are about to upgrade our Internet connection to Metro Ethernet and along with that are looking at replacing our Linux based firewall with an ASA 5510. The question however is what soluti...
hellowe have 2 5550 ASAs in active-standby mode - please see attached diagram. the ASAs LAN Failover, Stateful Failover and Inside interfaces all physically connect into Cisco catalyst 6500s.we're about to test the resiliance of our network design b...
I have an ASA 5520, running 7.0(6), that I have configured for multiple contexts. Each context has a separate outside network, but I intend for them to each be on the same inside subnet.Interface gi0/2 is connected to the inside subnet, and this int...
HiI have a ASA5510 and have some questions as belowI am thinking to configure 1 ASA5510 in active/passive mode on the same device by creating multiple contexts on it. Is this possible if I have security plus license on it? Can one ASA5510 be configur...
We are considering a strategy of blacklisting or whitelisting IP by country. Some questions:1) Is there an easier method than adding lots of IP ranges (i.e. just specify a country)2) What would be the performance considerations? i.e. how big of a lis...
i want to know the different between discover the devices through physical Interface IP address and discover through lookback ip address.Please tell me which one is better and if there is any documents that show the different please tell me from wher...
Hello all, I'm not really experienced with the PIX firewalls, but I do have a good knowledge of the basic IOS for the routers/switches. Anyway, I have a Pix 525 firewall that has its interfaces, etc. already set up with IPs. My one question is on ho...
