Network Security

I've a PIX-515 firewall, running 7.2.2, in front of a private network. Servers in the private network are statically mapped to the external interface like this:static (inside,outside) tcp host-outside www host-inside 8080 netmask 255.255.255.255The p...

Hello, I have setup SSL VPN on ASA. Users are authenticated using a Radius server (Not Cisco ACS). I need to know how to assign certain users to one policy and other users to another policy. Currently all the user get the same Webpolicy but I would ...

I am using a VPN server which needs to proxy-arp for private interface traffic to assigned client pools. This is necessitated by the clustered aspect of the VPN service.I'm concerned that this will load my FWSM's arp table. The host 6509 has amaximu...

I've been trying to work around a problem that has been driving me nuts for a long time. As far as I can tell IP INSPECT on 871's and 1811's (models I've tested) using a range of IOS versions from 12.3.8 to 12.4.11t can not handle sending traffic ov...

Can qos pre-classify be enable over an IPSec VPN running from a 3825 ISR router to a VPN concentrator? I know it will work over GRE and IPSec site-to-site VPN's where the termination point is a router but I'm not sure about the concentrator. Any th...

platform descriptionFWSM Firewall Version 3.1(4)0 <context>Device Manager Version 5.2(1)FI can not figure out how to delete a Global Object (ip address).I can add and modify...But in the two different Global Object interfaceswhen you are in the Secur...

we are using ASA5505 having two interfaces inside(Security level 100) outside (security level 50)We had statically natted I.P X.X.X.X (inside ) to Y.Y.Y.Y (Public I.P).We are able to ping this public I.P from Internet ,also nat is working succe...

Is Fixup protocol smtp 25 for inbound only? I've heard this can cause issues of all kinds. Should I disable it?

have been asked to convert an older checkpoint firewall, running on solaris to a cisco PIX. If you have hands-on experience performing this process, Can you share some of the gotcha or tipsthat I should be aware of, given the different architectures...

helloip audit protected [ip address - ip address] according to cco it defines a protected address space for IDS, this is from cisco.An attack signature detects attacks attempted into the protected network, such as denial-of-service attempts or the ex...

I have enabled blocking on a router to fire when a certain sig fires. this has been working for a while, I can see the ACL on the router with the host being denied access,so I know that it has been working. The sig fired today and the host was added ...

I have a pix 501 and am needing to do some port forwarding. I have a DVR (being used for security cameras) it has an internal ip of 192.168.1.150. I need to have port forwarding setup for 3000 - 3007 and 8800. I used the following to do this:stati...