Network Security

Greetings,I have a PIX515 with 6.3(5). I am trying to convert some Alias Statements, original input by a former employee, and need some guidance to convert to Static Statements.Here are a couple:alias (inside) 10.xxx.xx.x 2xx.2xx.xx.xx 255.255.255.2...

dear sir, I use Catalyst 6513 + 1 module IDSM-2. I use Cisco VMS to manage IDSM. Now, when I connect to IDSM, and I use the function "Automatic Signature Download" and I have an account CCO and password. However, I can not download to update singnatu...

I have bought a cisco 3845 with IDS module,but I think I also need a account to update the attack signature on IDS module periodly,who can tell me how?

All,Problem was started, when one user was not able to access some websites. So we decided to run ?debug ip packet ? on our router (perimeter device) and noticed that packet was getting dropped on our router, because of the following policy-map mark_...

Hi,When using 'inspect http' on FWSM for outbound traffic, some HTTP traffic is very slow (for some clients).I have a 100MB test file on a external server, some clients are able to download it with full speed (70-80 mbit/s) while others seem to be li...

I have configured my ASA to recieve EASY VPN connections from 877 and 871 routers. All routers eventually connect but the ASA is throwing up these messages when 'debug crypto isakmp' is set off:Nov 28 14:15:15 [IKEv1]: Group = DefaultRAGroup, Userna...

I'm trying to translate port 8080 on the external interface to port 80 on the host and ran the following commands. h.h.h.h is the host I want to have http traffic go to and y.y.y.y is the static outside address of the PIX. The first command is from ...

Hi, given below is the ver and the interface. How can we create a logical interface eg. inside, outside & dmz? I've tried binding the int gb-ethernet0 to outside, int gb-ethernet1 to inside using nameif command but to no avail. Any idea? TIA.FWSM# sh...

Hi together,I have a vrf configuration on a cpe.Now I wanna send all logging messages from loopback 10, and also from the vrf.for commands like tftp, snmp, ntp the packets where send from the vrf with src ip of loopback 10.Only for syslog it does not...

hi all,we already have vpn tunnel on PIX 506 with the second party and it's working fine and also we do the natting, recently we have engaged with them in another project for which we have to define in our PIX that ip addresses from 4 Internal comput...

I have recently configured pix 501 to work with 3 server. two server is on windows and one is on redhat el 4.The firewall policy is very simple.Only 3 static ip apply with this three server. No nat or pat for group of ips.All this three server have s...

What is the recommended configuration for the management port on an ASA when in single contect mode and OSPF enabled.Im in the process of migrating from a 525 to 5520. Im not sure how to handle the routing for accessing the management interface. I us...

How it may to publish a web server in DMZ over two outside interface connectedto two different ISPs ?

HiWhen i am trying to remove this command i am getting error and the command line is not removing.==================================crypto map rtpmap 1 ipsec-isakmp ! Incomplete==================================How do i remove the above commandThanks

What is the correct way to implement stateful firewall inspection using CBAC? I recently used the following configuration to permit outbound web and other traffic to work through my IOS firewall.ip inspect name SDM_LOW tcpip inspect name SDM_LOW udp...