Network Security

PAT over site to site VPN tunnel

Hi All Just a quick sanity check, basically the requirement is that we NAT all our traffic to 1 ip address when going over the vpn tunnel. The VPN is built on a natted source network of 192.168.1.0/27 , I have set a NAT rule to dynamically NAT all ...

STIG SRG-NET-000235-FW-000160 Firewall Fails Closed

Is there any documentation that states if a Cisco ASA fails open or closed.

Resolved! ikev1 Transform set issue

Hi Anyone who can explain to me while below section 1 fails whereas section 2 goes through without any issues? The error I get is: (ERROR) Sent (Wed Oct 24 12:18:45 CEST 2018): crypto ipsec ikev1 transform-set aes_sha2 esp-aes-256 esp-sha256-hmac Rec...

ASA FP PASSIVE FTP NO DIRECTORY LISTING

Hai I have problem with asa not allowing passive ftp directory listing .code 9.6.4 tried with and with out passive command Also with inspection and with out show conn TCP outside 217.160.123.90:65134 inside 172.18.14.27:52034, idle 0:00:04, bytes...

TCP/UDP 5060 traffic not happening between same security interfaces on Cisco ASA.

Hi Everyone, I am facing some weird issue where ping traffic works fine , however tcp/udp 5060 traffic fails. There are 2 interfaces configured as below - ASA/pri/act(config)# sh run int Ethernet0/2.1097 ! interface Ethernet0/2.1097 vlan 1097 namei...

Forwarding IPS events via Syslog

Hello, We are using the IPS module on the Cisco ASA 5525-X Firewalls and we’re running version 6.2.0.6. We would like to forward detailed logs to a Syslog server. We followed these procedures: https://www.cisco.com/c/en/us/support/docs/security/fir...

Resolved! Reinstall FMC virtual appliance

Dear All, As my FMC virtual appliance was crashed when restore a backup (always show: System processes are starting, please wait.) , I would like to reinstall FMC and try restore the backup again... The original FMCv is managing a FirePower 2110. I w...

Resolved! Smart Licensing Firepower Threat Defense

Hello, I have ASA 5515-X. It's a model in end of life. I have purchased SSD disk ASA5500X-SSD120 to migrate my ASA 5515 to ASA with Firepower Threat Defense. With the new system of Smart Licensing, did it still possible to license the FTD module plug...

"Client Authentication" in ASA configuration

Good Morning I have to migrate firewall Checkpoint configuration to a Cisco ASA 5585X device. Checkpoint has many "accept", "drop", "encrypt" rules. But I could find some rules with action "Client Auth". By Client Auth rules, a user in an user gr...

Cisco ASA 5510 NAT Issue

Hey Guys; I've seen to be having an issue with this ASA 5510 FW; I don't wanna use NAT for inside/outside; since im natted on my router; I just want this FW to inspect packages and denied packages; that's it; when I check the logs on the 5510; it kee...

How to configure Cisco FTD 2140 HA in Active/Active and multi-context mode...

Hi, we're looking info about to configure a cluster of FTD 2140 in Active/Active with some firewall context enabled. Obviously this all through FMC vm. Which are best practices to do? Thansk!

Time range ACL on ASA5510

Hi, I try to allow communication for one specific IP to connect on the Internet in only specific time ranges. Monday to Friday 7:00PM to 8:30PM. As I know I not possible to start a new communication outside of this time window. But I was expe...

Packet latency

Hi, I want know Packet Latency value (IPS,AMP,URL enabled 1 by 1 or combined) when I deploy Firepower 4110 or 4120 device Inline mode. any public or internal document? I will compare with other vendors regards zafer

ASA-5516X with Firepower services stuck in init

Hi Guys After a power outage I keep receiving this error message on my ASA-5516X with FirePower services:: "/ngfw/usr/local/sf/bin/pmmon.sh: line 77: /proc//comm: No such file or directory/ngfw/usr/local/sf/bin/pmmon.sh: line 77: /proc//comm: No su...

Resolved! Management IP can't be on the same net as the gateway?

Setup our ASA 5505 back in the day, no problem, but this ASA 5506X is killing me. I have interface Management1/1 management-only nameif management security-level 0 ip address 192.168.0.3 255.255.255.0Firewalls, ASA 5506-X, ASA, but now it won't l...

Network Security

Forum Posts

PAT over site to site VPN tunnel

STIG SRG-NET-000235-FW-000160 Firewall Fails Closed

Resolved! ikev1 Transform set issue

ASA FP PASSIVE FTP NO DIRECTORY LISTING

TCP/UDP 5060 traffic not happening between same security interfaces on Cisco ASA.

Forwarding IPS events via Syslog

Resolved! Reinstall FMC virtual appliance

Resolved! Smart Licensing Firepower Threat Defense

"Client Authentication" in ASA configuration

Cisco ASA 5510 NAT Issue

How to configure Cisco FTD 2140 HA in Active/Active and multi-context mode...

Time range ACL on ASA5510

Packet latency

ASA-5516X with Firepower services stuck in init

Resolved! Management IP can't be on the same net as the gateway?

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

Knowledge Hub: Cisco Technology for Securing the Enterprise

Announcing Resources That Guide You to Success

configure SNMP inform retry and duration on FMC

FMC doesn't show all SGTs in Connection Log and Unified Events

exercicio

Cisco FTD portscan

ASA-AWS - EC2 IMDSv1 required for the PAYG license to be applied

FTD and DDNS

Can FMC running on 7.2.5 support FTD running on 7.2.8?

BGP and Transparent IPS on 3120

Comm test between subinterfaces and physical ports in ASA Firewall

Firepower 1000 port status blinking on the same time