Network Security

I have a 3015 Concentrator and I am wondering how I will know when it exceeds its limts for bandwidth encryption and throughput to justify upgrading to a 3030 or SEP modules.

When I do a static NAT on the Pix:-static (inside,outside) 172.16.1.2 192.168.1.2 netmask 255.255.255.255I can see the inside IP address 192.168.1.2 is translated to 172.16.1.2 on the outside interface using the network sniffer. However if I introduc...

I want to authenticate my ipsec vpn client by using certificate. I am using asa5540 as ipsec vpn server. The first step I should do is create an trustpoint and authenticate it to ca. the trustpoint name is knasacawhen I execute the commandcrypto ca a...

I'm Having problems with RA vpn users authenticating with Vasco tokens on my new ASA 5510 platform. I,m migrating from PIX 6.3.4 to the ASA. In my PIX configuration I used the command:crypto map outside_map client token authentication ABCXYZ to let v...

Hi !I just have a couple of url to block, so I don't really want to implement a server like websense or N2H2 to manage the web content I want to block. Is there a way in the ASA-5505 to deny access to certain web pages with the url of the page ?

The detailed network diagram is attached. the default gateway of the inside servers is ASA 5520.PROBLEM:Traffic coming from XYZ Branch to the scorpio and alpha server when reach the server, they send back the packet to their gateway which is ASA 5520...

Hi,I have to audit a PIX 515 to meet the below requirements. Can anyone please let me know what the config would look like or point me to the relevant docos to make the PIX compliant.ThanksScottTCP Start Time Out must be set to 60 seconds.TCP Session...

Are there tools to automatically convert a PIX 6.3.3 config to a new ASA?

I have a 2801 connected to the Internet running the Firewall Feature Set. Version is 12.3(8r)T8. I keep getting log messages that the router has denied access from some random webservers from Port 80. We are running NAT Overload and when I show the N...

On a 525, in version 6.3, my understanding is that you cannot change an access-list per line as you can in 7.0 by line number.Is it acceptable practice, if you want to add a line in the middle of an access-list to just copy the existing ACL from the ...

Can you help with what seems to be a simple configuration issue?I am trying to get my static NAT to work from outside to inside.Cisco 506e v. 6.2(2)External address x.x.x.x nat'ted to internal address x.x.x.x for SMTP traffic.Internal address is mail...

Deny inbound icmp src inside:192.168.50.1 dst inside:10.100.107.24 (type 8, code 0)The 10.100.107 network is across the tunnel. When I attempt to access that network the tunnel comes up, but I can't get across.I do have 10 network on my side.