Network Security

Deny TCP (no connnection) - After a crytomap change

Hi, Have a Cisco ASA - lots of IPSec VPN's to lots of places. The allowed service in the Cryptomap was IP to all - we decided to narrow this down to SSH, RDP etc. I created a group for the ports and added to a test VPN - all worked well. I then appli...

ASA Failover Pair - Access Second Unit via VPN

Hi,we are running two failover pairs of asa (5510, 5505) in two different locations in active/standby configurations.Is it possible to access the inside ip of the standby unit via vpn terminated by the active unit? It's only for monitoring.With our c...

Outside host cannot ping host in DMZ even with ACLs configured for ICMP

This is an ASA access list question. Why am I not able to ping the host in the DMZ from the host in the OUTSIDE? I have ACL's configured to allow ICMP, so not sure what I'm missing here.

Test Plan for AAA (TACACS) IMPLEMENTATION

TEST PLAN FOR TACACS+So we are implementing tacacs on all our firewalls in the next week or so I have some doubts so that I don’t lock myself out.I First thought most cases of users locking themselves out was due to the authorization part.So here ...

Additional License on ASAv in PLR License mode....

Hi, we've a Cisco ASAv licensed in Permanent License Reservation mode. We can't use standard Smart License or Satellite communications way. Basic license was inserted into Smart Account and it was installed correctly, using License Reservation wizard...

I can receive but can not send mail from my mail server to mail Google

I'm using ASA cisco 5520 with ASA version 8.0 and ASDM 7.1. My network only set DMZ and outside.DMZ: 172.16.77.1 and Mail server: 172.16.77.100.Outside (PPPOE): IP public get from ISP (and I have 1 IP static: X.X.X.27).I'm browsing a lot of pages on ...

Resolved! VPN encryption domain using private range

Hello all, I'm setting up a VPN with a 3rd party who have suggested the use of 172.16.8.0/26 as the encryption domain on my side of the tunnel (happy to do this to avoid wasting public IP's). There side of the encryption domain is 70.0.0.x/27. I am p...

Config help on NGFW 2110 FDM - Shoretel VPN Concentrator

Hello - I need some config help with deploying a Shoretel VPN concentrator in my network. Per the documentation, one leg would be connected to my 2110 on a dedicated DMZ port, the other leg would be connected to my LAN. The config on the 2110 would...

Pass RFC1918 from ASA outside interface to NAT router

What does the no NAT look like on the ASA for rfc1918 traffic to egress the outside interface of the ASA to an upstream router that does NAT?Outside interface of ASA and inside interface of router are Public registered IPs that belong to me. nat (ins...

Resolved! Enable password change in a Active/Standby Failover pair ASA 5515x running 9.6(4)3

Stupid Question. If I change one of the failover pair's Enable passwords do I have to change it on the other one or does that get replicated automatically? Thanks

upgrading the ASA 5585-X FirePOWER SSP-10

I would like the procedure for upgrading the ASA 5585-X FirePOWER SSP-10 (Firepower / Asa / ASDM)

Resolved! FTD claims all IP addresses are in use

Puzzled with the FTD's behavior with DHCP traffic coming from two different interfaces and different zones: Client sends the DHCP Discovery.Server sends the DHCP Offer, switch sends an ARP and nobody replies (expected).Clients sends a DHCP Request of...

SIP Trunk through ASA to Internal Phone Server?

Hello All, A am a bit new to SIP trunks with the ASA. I wanted to see if someone could give me a best practice review? Using a Cisco ASA5510 version 8.4(5) and we have an internal Mitel Phone server. SIP trunk is being handed off by Comcast.These are...

FMC Event Viewer: only show unique events / filter repeated events

Hi community, I'm looking at blocked Connection Events (Analysis>Connection>Events) on the FMC. Is there a way to only show only unique IP:Port -> IP:Port combinations? In other words: I would like to remove repeated connection events. It would als...

ASA5505 can't access different vlans

Hi, The ASA has Security Plus license and I config below two vlans with same security level, why they can't ping each others? ASA Version 9.2(4) This platform has an ASA 5505 Security Plus license. interface Vlan1nameif insidesecurity-level 100ip add...

Network Security

Forum Posts

Deny TCP (no connnection) - After a crytomap change

ASA Failover Pair - Access Second Unit via VPN

Outside host cannot ping host in DMZ even with ACLs configured for ICMP

Test Plan for AAA (TACACS) IMPLEMENTATION

Additional License on ASAv in PLR License mode....

I can receive but can not send mail from my mail server to mail Google

Resolved! VPN encryption domain using private range

Config help on NGFW 2110 FDM - Shoretel VPN Concentrator

Pass RFC1918 from ASA outside interface to NAT router

Resolved! Enable password change in a Active/Standby Failover pair ASA 5515x running 9.6(4)3

upgrading the ASA 5585-X FirePOWER SSP-10

Resolved! FTD claims all IP addresses are in use

SIP Trunk through ASA to Internal Phone Server?

FMC Event Viewer: only show unique events / filter repeated events

ASA5505 can't access different vlans

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

dpc3941b MAC Filter Settings

Could not ssh to ASA after upgrading OS from 9.14.3.18 to version 9.1

Assigning an EtherChannel Subinterface to an Instance via FMC API

Secondary FMCv in HA - migration to new data center process

FTD OpenSSH < 9.8 RCE

any EOS/L decided for 3140

ASA 1010 BGP SNMP OIDs

Firepower 1120 FTD Setup

Captive Portal doesn't work in FMC

Cisco ASA uninstalling SFR module