Dear community,We have a pair of ASA 5545X firewalls in an Active/Failover HA pair. The configuration of our external "outside" interface is in a port channel with the rest of our internal interfaces. I have to do some work this weekend to change tha...
I think I need a twice nat but i have never done one and its confusing to me. My scenario is this: Client A = 10.81.113.10 Server B = 10.0.1.4 Site A has Client A Site B has Server B Client A cannot hit Server B on its IP address (real IP). ...
Hi I have a situation where Cisco ASA with Sourcefire is inline mode , ASA is acting as a default gateway & can monitor the traffic . Now Customer wants to monitor the traffic for rest of the IP, where ASA is not in the path . reading the https://...
Hello,Here is a simple diagram of our network : 192.168.51.0/24 ---192.168.51.1 inside (Cisco ASA) --- Interface oustide--- Internet|192.168.51.5 ---ISP Router--- ISP network---- 10.100.0.0/16 The default gateway to outside is the ASA's inside interf...
Dear All, We use a third-party tool for vulnerability tests on our internet facing devices and for my Cisco ASA5508, i got this below error. SSL Certificate Cannot Be Trusted 443 / tcp / cisco-ssl-vpn-svr . I am not hosting any gateway service ...
Two Questions: In previous ASA Version ( v8 ) there was a "Dead Connection Detection" ( DCD) - Function to Keep inactive but already existent Connections open. Is DCD behavior also supportet in FTD ? Background: Using a "foreign " Firewall Connec...
Hey folks, this is my first post here so I am hoping someone can assist. I am setting up a site-to-site connection in my lab using ASA firewalls and ISR routers on each end. The goal is to establish an IPSec tunnel between the ASA's and pass GRE tunn...
Hello Folks, We are using Prime Infrastructure 3.5 to create Zone Based Firewall policies to be managed on ISR 4451s. Attached are screenshots (screenshot 1 and 2) of the defined object groups and the policy from PI using these object groups: Whe...
Hi, Currently got an issue whereby SCP and SFTP transfers are very slow over our WAN links. The links are 600Mbit with a RTT of approximately 10ms. Transferring on the LAN gives rates of approx 33Mbps but over the WAN we’re seeing 3Mbps. There is n...
We have several Site-to-Site VPN-Connections to our ASA 9.6.4. Is it possible to configure the ASA to operate as VPN responder only? Kind regards
Ihave configured ASA 5506x for WEBvpn with several plugins like RDP. When i launch the app, it gives error ""attempted to open a sandboxed jar <applet url here> as Trusted-Only"." I have latest version of java installed. Attached error message p...
So i have been playing around with a basic scenario of a linux ec2 vm on the inside subnet of the ASAv. A vpn to the VPC and a static route to my remote subnet (opposite side of the vpn). I have tried custom route tables, routes on the ec2 vm, and ro...
I am facing difficulty implementing access rule in ASASM. The rule does not catch traffic. If I permit ip any to any it allows the traffic I have attached the packet trace. The first rule below is my more specific rule. Also the items in two packet...
Hello, After migrating the firewall policy from an ASA to Firepower most of the objects in the rules were automatically grouped and named using the "DM_INLINE_NETWORK" or "DM_INLINE_SERVICE" naming convention. This difficult a lot the understanding...
If I want to configure ZBFW to inspect everything, I need to ip access-list extended everythingpermit ip any anyclass-map type inspect match-any everythingmatch access-group name everythingpolicy-map type inspect MYPMAPclass type inspect everything ...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
| Subject | Author | Posted |
|---|---|---|
| 05-26-2026 07:54 AM | ||
| 05-02-2026 06:09 AM | ||
| 04-30-2026 12:46 AM | ||
| 04-24-2026 07:04 AM | ||
| 04-22-2026 11:56 AM |
