Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,the asa is not generating correct icmp unreachable packets for denied udp connections, the packets will simply be droped (not rejected). For denied tcp connections it sent a correct TCP reset packet. May it be possible to configure that correc...
Hi All,we have two asa in active/failover mode (routed mode) with different splittet public IP DMZ's. My qestion is related to ip broadcast forwarding in general. In my understanding the asa should deny ip packets witch has broadcast/network destinat...
Hi Nicolas,thanks for your fast response. You are right that firewalls should try be as stealth as possible, but they should also be conform to RFC's.Short example for this beavior. You have an ACL that is blocking, for example, port 123 udp (ntp) fo...
Hi Andrew,thanks for your fast response.Here is the extract from my config:interface GigabitEthernet0/0 description outer interface nameif outer security-level 0 ip address 111.111.111.194 255.255.255.224 standby 111.111.11.211 !interface GigabitEthe...
