Hi,I have an ASA 5515, config looks like this:All inside IP'a are translated to outside. I'm able to ping everything in the Internet and also the host located in DMZ 111.111.111.11 but I'm unable to ping host translated in DMZ (111.111.111.111)Nat s...
Hi,I have internal dns server which is natted to public ip and dns permitted from inside . I am getting lot of traffic . it is psossible to limit the traffic (inspect dns are in place ) Thanks
Isn't there a way to see what the FQDN is within a DNS request? I have seen some DNS requests to an unexpected external DNS server and I would like to find out what the FQDN was that it sent the request to but I can't seem to find any report or way t...
Hello we have a pair of ASA 5515-X firewalls.VPN works fine however on Linux, no matter what we do it will still add the iptables rules.We have disabled the client firewall in ASDM, but it's still being added.We even tried adding a script on connect ...
I have 2 Firepower 4100 Boxes and i would like to build a logical FTD Active Standby HA on them.. want to confirm on a few points as mentioned below : I can select any interface on the chassis to function as Management for FTDs..provided it is in the...
Hello All, We are using Cisco ASA 5585-X for many years however we are facing a lot issues with a stable version of the software image presently we are using Version 9.4(4)20 however present software have seemed to be a bug as memory utilization is...
Hello, we are implementing a RAVPN solution with Firepower and the scenario is:-We have a x.x.x.x/30 for RAVPN solution-Firepower Outisde interface is using private address y.y.y.y/30 and is connected to a Internet Router inside interface-Internet Ro...
Hi, I edited the default policy for ikev2 ( it is done for ipsec site to site vpn policy )The below is before editing crypto ikev2 policy 1encryption aes-256integrity shagroup 5prf shalifetime seconds 86400 and the below is after editing crypto ik...
Hello, everyone. I nee clarification about one thing. We are using FTD devices on out corporate network for RA ans S2S VPNs. FTD has one interface for internet and one WAN interface leased from SP for 3rd Party companies. Currently we have one site-t...
Hi AllI am currently using CISCO ASA 5550 model with below IOS version and VPN client software. Network audit raise an issue on IOS and VPN client version and request to upgrade to latest release. Can anyone please suggest and share download link of ...
There is a vulnerability reported # CVE-2016-2183 (Sweet32). DES should be removed as perbug # CSCvb24585current config on ASA 5525X :------------------------------ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"ssl cipher tlsv1...
Hi Friends, I have gone through the web and found that ASA 5555 FTD comes with a default 2 context license. so my query is as below. can we create two context admin+2? or we can be able to create admin+1? my requirement is to create 2 customer contex...
HelloIs there a CLI command to obtain unused objects on the FMC?We are using FMC with firmware 6.4.0.4Right now the FMC has nearly 18,000 objects and we need to eliminate the ones that are not used. Regards
during vulnerability scan on my hardware router.SSH Server CBC Mode Ciphers Enabled and SSH Weak MAC Algorithms Enabled appears on the reportRecommendation are to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption and di...
Hi, needing help here, I have setup a pair of 1841s site2site with static IP at HQ and dynamic IP remote. PC and a Cisco 8861(with a PoE adapter) behind the 1841 all work fine. Then I took an ASA5505 (want to use its PoE port), setup as remote dynam...
