Network Security

i hav a server on my dmz1,i want users on the internet to access it on https....i hav an access list and a translation as shown belowstatic (outside,dmz1) 170.x.y.z 192.168.80.3 netmask 255.255.255.255 0 0access-list 1 permit tcp host proxy_server an...

Hi all,I have three networks, inside (security 100), dmz (security 50) and outside (security 0).And I have a static nat to permit access from outside to a web server in dmzstatic (dmz,outside) Public_IP DMZ_WEB_SERVER_IP netmask 255.255.255.255I have...

How can I create an e-mail alert that includes actual information about the event that triggered it?Like for example, knowing a TCP Syn Host Sweep occured and met the threshold I set for my alert is faaar less useful than knowing 10.10.10.10 triggere...

Hi,we have customer attempting an FTP from a OS/390 V2R10 C/C++ 5647-A01 Mainframe out in the internet through to a Windows server on the inside interface of a PIX515E Ver 7.0(2).Each time they attempt the FTP it fails. We can FTP from windows, and o...

I am querying a NTP router outside of a firewall interface, the firewall is a service module in a catalyst switch. I see the request hit the NTP router but no packets seem come back through the firewall. Any ideas would be helpful

I need to provide my client read only access to the ASA and CSC-SSM. If I create a username and password with priviledge 1 access he will have read only to the ASA. However, the CSC TAB does not show. Any ideas how can we provide a user with priviled...

I'm finding a discrepancy between PIX (version 6.3(3)) and ASA (version 7.0(5)):I use a static NAT statement to map a public IP address to an internal IP address:static (inside,outside) 67.67.67.67 10.0.0.1 netmask 255.255.255.255In the event of a se...

does anyone know if you have a pair of PIX's running in active/failover, if the acl hit count on the primary gets reset if the primary fails over to the secondary. When the primary comes back, does it retain its hit count? I'm trying to think of any ...

Has anyone come across the following problem ? When you disable the mail guard feature on a PIX (no fixup protocol smtp 25), it does not seem to function i.e. the mail guard is still active by default.I am running PIX 6.2(2) ? Has any one come across...

Outbound Internet traffic through our HTTP proxy is triggering this sig. below is a trigger packet. We've seen about 50 of these in the last 2 hours.evIdsAlert: eventId=1152199463829252123 vendor=Cisco severity=medium originator: hostId: h...

We haveestablished a Site-to-Site VPN tunnel between Cisco PIX 525 and Clent's Check Point NGX firewall. Tunnel is established and able to ping from both sides. If the Client people are trying to connect using RDP to one of our Server, they failed to...

Does anyone know if there is a way to associate different xlate timeout values with different global pools if I'm doing policy NAT? So, if I NAT to one destination I can set the xlate timeout value to 4 hours and if I NAT to a second destination I c...

hi, my question is does pix 520 with 128r/16f suppports 7.x IOS ? cisco has IOS 7.24 for 520. has anyone tried it ?thanks in advanceregards amit

Hi,I would like to analyze the traffic details (Similiar to that of Net Flow) for my outside interface. Is it Possible to do so or what is the best option.Basic idea is to analyze the kind of b/w distribution for various outside access.RegdsRavi

Hi, I am in process of configuring ASA5540 for remote connectivity; just IPsec.I have assigned private IP space 10.x.x.x as address pool but I want nat that traffic to inside ip address 128.x.x.xI have tried adding it using ASDM Configuration->NAT bu...