nmap "all 1000 ports are FILTERED" result varies based on which ASA interface blocks?
Hello, I have a question about a strange, inconsistent behavior between two ASAs, and I'm wondering if someone can point me in the right direction.
I have two separate firewalls, one at the perimeter and one inside of my network, and my nmap scanner is sitting right in between those two. On firewall1 (perimeter 5520 v8.2.5) I'm blocking on the inside interface (in); on firewall2 (5540 v.8.2.5) I'm allowing ip any through the outside interface (in) but I'm blocking on the inside interface (out).
When I scan a class C LAN off of firewall1, on which maybe no hosts at all are up, I get the following:
*Nmap done: 256 IP addresses (256 hosts up) scanned in 456.61 seconds*
with a detailed list of each host that was found "up", like this:
*Nmap scan report for 10.10.12.6 Host is up (0.0064s latency). All 1000 scanned ports on 10.10.12.6 are filtered*
When I scan a class C LAN off of firewall2, I don't get the *host filtered* message above for the hosts that aren't there/filtered; I only get output for the ones that are up.
At the end of the output I get this:
*Nmap done: 256 IP addresses (18 hosts up) scanned in 13.02 seconds*
I'm wondering if this is due to the fact that the outside interface of firewall2 is permitting traffic whereas the inside interface blocks. And if that's the case, why doesn't filtering on the inside interface produce a "FILTERED" message on the nmap scanner?