I recently configured and installed ASA-5520s as a replacement for EOL PIX-525 set. This new configuration utilizes sub-interfaces for partner connections. Traffic is passing through the interfaces, but I am curious as to why the sub-interfaces are...
I have two IPS 4240s that may be placed between our internal network and our extranet firewall. The firewall set is your standard ASA-5520 active/failover pair connected to two switches. Q1 - If I am not worried about atomic attacks, is there any oth...
Does anyone know if there is a way to export a list of accounts set to expire in CS ACS (Windows)? I do not see any such option in the GUI or in the CSUtil utility.
I'm troubleshooting a site-to-site VPN tunnel between our Cat 6506 w/ VPN module to peer's PIX-515. The peer's crypto config appears to be incorrect and has two tunnels built between it and our VPN module. Example: ! crypto map mymap 1 match address ac...
Second question first - When a new failover mate powers up, regardless of Primary or Secondary, the Active partner does not automatically change over to the configured Primary. An event has to occur to cause the current Active mate (Primary or Secon...
I can't say that I have seen this. I just tested the procedures I listed above on a pair of old PIX-525s and got the desired results twice - once with Serial-based failover and again with LAN-based failover. I do have to note that one command is mi...
The 'failover group' command is only for active/active pairs in multiple context mode. REF: http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/ef.html#wp1927152 And the new ASA will not push over a blank config, it will receive the con...
First thing to keep in mind is that your replacement firewall should be the same model, version of ASA OS and license-type as the original. Configuration is rather simple (assuming the above is true and you are connecting to the same ports the old fir...