I configure my ASA 5520 using the command line, but I keep an https:// session open so I can use the packet tracer in order to perform virtual tests. Great. So I check to see if my configuration will pass a simple http request from inside to outside ...
We have a mac filter on a port of a Cisco 3560. That port connects to the uplink port of a 4-port unmanaged switch. It works great. Today, a different 4-port switch was connected. I would expect that no traffic would pass since the mac address is w...
I have a 24-port Cisco 2950 on my ASA 5520 DMZ interface. It is segregated into 23 vlans:
interface FastEthernet0/1
 switchport access vlan 101
 ip address 192.168.101.1 255.255.255.0
!
interface FastEthernet0/2
 switchport access vlan 102
 ip address 192....
I have a brand new configuration. I made the fewest possible modifications for testing. Here are the only changes I made:
Added an IP (+mask) to the outside and inside interface.
Added a nat (inside) 0 0
Added a global (outside) PUBLIC_IP
Added a defau...
I have a PIX (to the internet) and 2 servers connected to a router. From the router, I can ping both servers and the PIX without a problem. From each server, I can ping the other, the router, and the PIX. From the PIX, I can ping the router but ONLY ONE...
I put my packet sniffing kit in line between the firewall's outside interface and the ISP router's inside interface. Hey, the request does indeed get passed to the outside interface (just as the ASA claimed it would). But no response. Is there somethin...
I'll need the switches to communicate correctly when the mac address matches, so I can't turn off negotiation on the port. And I understand that physically, packets must be received before they are dropped (and so increment traffic). But are you saying...
Then this is a fault in Cisco's mac filter. What's the point of the filter if it still accepts packets from the far side? No banned device should get ANY information (even a single packet) from our network. Or are the incoming packet counts (the bas...
David is now my favorite person. Much joy. Each port on the switch is a separate VLAN with no inter-VLAN routing. If a DMZ server is compromised, it cannot attack other DMZ servers (at least it'll be harder). Each vlan on the switch has an ip on a ...