Network Security

hii have group of users who are using internet througth PAT, now some of the users trying to cunnect VPN servers over internet, problem is that the only user who is connecting the VPN server first, is able to get the VPN authentication, IP addresses ...

hi my name is kim.. i had installed FWSM3.2(3)+SUP720traffic is 1Gbps(in+out)but i founded FWSM abnormal condition[symptomhigh CPU normal 40~50 % bug? or misconfig?please reply to me

We have a VPN Tunnel established between a ASA5510 at our home office and a ASA5505 at a remote office. The tunnel is working properly, however the performance across the IPSEC tunnel is very poor. The tunnel is setup so that the remote 5505 sends ...

Hi,we need to setup a Lotus Sametime server on a site. With the following setup.LAN ---- PIX 501 ---- RTR --- (INTERNET)Now the issue is Lotus Sametime server cannot be NATted like the rest of the internal network.Can I give it an IP of one of the sp...

Hi, 3 different networks i wanted to configure in one FWSM interface.Kindly guide me how to do it...Thanks in advance

Hi, Can we configure failover on sub interface for outside ? Can i have multiple sub interface in outside region on firewall for failover ?

Hi there,could u give me some advise for the following issue:nat (dmz) 13 access-list nat-dmzglobal (internet) 13 194.x.x.xaccess-list nat-dmz permit tcp host 10.88.x.x gt 1023 any--> a normal policy Nat statementand I also have a static:static (dmz,...

Hi, being new to the concept of correlation and deep packet inspection, i have few design related (to CS-MARS) questions.- How isthe incident analyzed? I have only 1 incident "Inactive CS-MARS reporting device".. What does this mean, and how to go th...

I have a Linux host behind a Pix515. Everything behind the Pix is PATed to thePix outside interface:nat (inside) 1 0 0global (outside) 1 interfaceI have a Solaris 9 on the Internet. I have a 100Mbps connection to the Internetvia the Pix.When I perf...

I would like if possible to configure this scenerio.I have remote sites with PIX 506 s connecting to a cisco 2801 router with VPN AIM. This is working correctly. Now i have also a second 2801 for redundancy purposes. If i set the pix up with a secon...

I believe there is a default 30 min TCP idle session timeout attached with every TCP service. There are features in other firewalls to increase this timeout or set it to None. Can we do the same in PIX/FWSM also.Could you help me with commands to ver...

My ASA 5510 is intermittently denying access form my ISP's mail server to our internal SMTP gatway.The acl applied to the outside interface of the firewall allows tcp any any to the smtp server on port 25. There is no access-list applied to inside in...

Hi, I have 1- Firewall configure with outside IP 201.100.100.12- Router 1 with loop back 10.1.1.1 (inside network)3- Router 2 with loop back 10.2.2.2 (inside network)I configure the following on ASA Static (inside,outside) tcp 201.100.100.1 1100 10.1...

Hi Guys,I have 2 525s and they are doing failover.This is my first affair with pix failovers so I want to know if I can get the running config of the stand-by PIX from the active one?thanks