Network Security

Purpose - deny access to the firewall (save for specific exceptions) I always thought that if you specified some telnet hosts on the inside and SSH ones the outside that "it was implicit" that no other access could be made via these protocols. But to...

We have 2 sites with 2 ASA 5520s on Site A and a 3rd ASA 5520 on Site B.We have the 2 ASAs at Site A set as Active/Passive failover.We would like the firewall at Site B to also be part of this failover in the event of Site A being unavailable. Is thi...

We are setting up vrf's for different departmental domains and they will all come together in an FWSM module to govern access between the vrfs. Does anyone have any documentation on how to set up the FWSM for this? I need to come up to speed quickly ...

I have a 525 running 6.3 setup with 3 interfaces. Inside, branch, and dmz.The ip address range of my Head Office is 10.1.0.0 255.255.0.0 and my branch is 10.2.0.0 255.255.0.0.I have a server in the dmz with an IP address of 10.1.1.12.The firewall has...

I have installed the cisco VMS 3.1 Enterprise edition but after installation. I am not able to open it in web page. I have checked all the services and it was running fine. But after the new installation, it is not opening in internet explorer. I hav...

hello everyone, i got a question regarding SMTP extended:i have this image: c2800nm-advipservicesk9-mz.124-15.T.bin and Cisco Feature Navigator says that i have this feature but i cannot add the smtp extended protocol in any class-mapi need the smtp ...

Does anyone know of a tool that manages ASA/PIX/IOS ACLs? I am looking for a tool that can maintain shared policies and allow for local policies as well. Using the shared policies, I would like to be able to make one change to the policy and have i...

I've recently took over this new firewall to manage from another person who is no longer with the company. For some reason, when I've created a new NAT and applied a simple ACL, the ASA blocks it with the implicit deny rule.I can't seem to understa...

Hi, On my Cisco ASA 5520 if I disable inbound aggressive connections, no Cisco Client VPN's can connect, does it use this method to connect or can I use another method?

Hi, I have a Cisco ASA 5520, I have ran a penetration scan against it's outside IP and it came back with 2 problems about Self SSL certificates, do I need to have these exposed or can I turn them off?

Hi All,We just recently upgrading one ASA firewall to version 8, for evaluation purposes. Upgrade was straight forward with no errors. Most of the existing rules are working fine. We do noticed a problem with most of our L2L IPsecs. We cannot get the...

we have an WCCP ebable device located behanid the ASA , and we are not able to enable the WCCP to work , i think ASA is blocking the WCCP traffic , any idea of how to make it work

Hi,Is there a way to stop bittorrent. I have tried using match statements in class/policy-maps with no luck.I've moved on to using FPM but still no luck. I believe the newer torrent clients encrypted communications.Any Ideas?Regards,Steveclass-map ty...

How to enable inline mode in IPS Sensor & what are the step we have to follow ?

Hi,I can see in my logs many of the following enties: %ASA-6-201010: Embryonic connection limit exceeded -2/1024 (for various sources and destinations)I can't find out any information on the minus value (-2) can someone tell me how I can have a negat...