Network Security

I have a client that is insisting on using a single device (2811) to connect to the Internet as well as their local Lan. I would like to use the firewall feature set to minimize the internal network risks having the Internet terminated on the same d...

I found this paragraph on the FWSM configuration guide 3.2:NAT Bypass No Longer Creates NAT Sessions In previous releases, even if you used NAT exemption or identity NAT, the FWSM created NAT sessions (xlates) for all flows. In Release 3.2, you can ...

Hello all,I've just started configuring 2x new ASA5520's. They will be either in active/active, or active/passive failover. I'd like to have stateful failover.A couple of questions:What is the "management" interface for (other than the potential obvi...

I have been using NetFlow to monitor incoming and outgoing traffic on my Cisco 1841 router. The 1841 router is just an edge router but my ASA 5510 is my firewall and where my remote site's VPN connection start and end. I've been seeing some high tr...

I may be missing something obvious, but would appreciate some help.I'm attempting to establish new connectivity to an inside server from an outside vendor. The traffic is being denied with no connection as soon as the conversation is initiated. I c...

HI,Does anyone know whats going on here? One of the clients on the network launches a cisco vpn client to an external resource and the client connects and is authenticated but no traffic passes. PAT is in use on the outside interface.I have enabled n...

Hi - I'm not very familiar with MARS and I'm trying to get SNMP messages sent to a NetView box when MARS identifies a High/Red alert. I created a rule that says send any of these, from and to any device, to our NetView server but so far none have arr...

Hello, just recently, users complain about their internet going off. Each time i try myself i noticed it is true. As soon as i connect (telnet or otherwise) to the pix and do a ping, cnxn is resored. After a while it goes off again. Sometimes, i can ...

If a new packet(192.168.10.10 source ip from inside to outside) comes into a FWSM, which public ip address will be translated ?FWSM(config)# static (inside,outside) 209.165.200.226 192.168.10.10 netmask 255.255.255.255FWSM(config)# static (inside,out...

We bought ASA with anti-virus bondle, but somehow we detected the virus by another anti-virus software and we can confirm that it went into our network via ASA, does that means ASA failed to detect the virus? Another question is is there any link can...

I have an existing wireless network up and running. I want to configure the NAC devices and need some questions answered. I started configuring the cas using in band virtual gateway. If the internal wireless users are on vlan 73 (ssid mapped to vl...

Hello,I have a pix 515E with a 4 port card. Can I use these ports to connect PC directly to the PIX if I don't have a switch? then setup the same security level for each port?

Hi everyone,The situation is as follows:My transfer rate is 4-5 times slower if I am behind my firewall comparing to bypassing it.Memory usage is 30% of total.CPU usage is in 1-3%.Is it a normal situation or we just use the wrong equipment and need t...