Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have multiple CBS350 switches on our site and after installing some new security software, I became aware that multicast traffic seems to be traversing between VLANs. I initially saw this on one of my sites that's using older SG200 switches so I th...
Is this anything to be concerned about? I have an ASA5506 that is just getting hammered with Russian IPs trying to connect to port 443. I have the ASA fairly hardened -- there is no access to 443 and AnyConnect requires a certificate to connect, but ...
I have a Guest network for internet access for guests and an Inside network. I would like the Guest network to be able to access a printer on the Inside network.I have the following configuration:object-group network Guest_Network_Printersnetwork-obj...
Hello -- Here's the situation I'm trying to figure out. I have an ASA5506 at SiteA 10.10.1.0/24 and an ASA at SiteB 10.10.20.0/24 with a site-to-site VPN between the two sites. This works perfectly. Also at SiteA, we have a managed service we pay for...
Hopefully my terminology is correct. I'm not a Cisco expert by any means. I have an ASA5506 at SiteA listening on 10.10.1.1 and an ASA5506 at SiteB listening on 10.10.20.1 and a site-to-site VPN between the two. I have another device at SiteA listeni...
@Flavio Miranda Ok, I did some extended testing on this. Test scenario 1: Connected my PC with ethernet to a port with VLAN 30 untagged, VLAN 25 tagged. With my PC on VLAN 30, I'm still seeing multicast packets from VLAN 25 crossing over. This means ...
@Rob Ingram Yes, it appears to be getting dropped by the outside interface ACL. Maybe it's because I don't have SSL-VPN enabled? I only allow AnyConnect with IKEv2, so SSL-VPN is disabled on the outside interface. So maybe this isn't being considered...
@Rob Ingram - No luck unfortunately. I'm thinking it's not triggering the VPN attack detection because the connection attempt isn't making it past the ACL, so it's not actually initiating a VPN connection. It's good to know this protection is availab...
