Hi, These counters show cumulative value so try to monitor the counters and check if it is incrementing or not. If it is incrementing continuously then you can start checking which application/traffic is getting affected. Thanks, RS ... View more

Hi, You can try capturing traffic on ingress and egress interface and analyse captures on the egress interface (ISP facing interface). Check if there is any latency in the traffic that you receive on the egress (refer timestamp) you can also check if there are too many retransmissions in the stream. As the analysis require only headers so you can avoid capturing the entire packet and restrict captures to headers only for specific traffic. Captures on ASA can be CPU intensive so ensure that you have very specific captures. Hope it helps. RS Rate if it helps. ... View more

Hi,  Could you please share the CVE id of the vulnerability which you are trying to patch. Thanks, RS ... View more

Hi imran, If you are using firewall for address translation then you need a mechanism to identify traffic on switch to perform PBR based on translated address.  If translated ip for all internal vlans then you will not be able differentiate the traffic on switch.  You can plan your network in such a way that you have different ip address for different vlans and then decide egress ISP based on your network. Thanks  RS ... View more

Hi Imran, The requirement  of segregating traffic based on source or destination IP addresses can be be achieved using PBR. ASA 5500-x running 9.4.1 and above support PBR. ASA 5520 does not have support for PBR as newer image requires newer hardware. Hope it helps. RS Rate if it helps. ... View more

Hi, Based on the syslog message 302014 it looks like that the host on inside is sending reset and that is what is causing asa to clear session. Now, you have mentioned that removing asa with other firewall resolves the problem. Can you verify and share what changes in the traffic flow when you replace the firewall. Also check on the internal host logs to identify the reason for disconnection.  I have personally seen some issues where timeout on the application causes the reset of the connection so you can try running wireshark for the entire session on the end client and check what happens just before reset of connection and if you notice latency causing the reset of connection then you can tweak timeout on the application. Based on the syslog the issue seems to be with internal host. Hope it helps. RS Rate if it helps. ... View more

Hi, To open a port on ASA to a specific device on an internal network requires nat and acl configuration. Create a static nat to map real IP and port with global IP and port. Depending upon the asa version make sure that you have appropriate IP allowed in the acl. Pre 8.3 global IP should be allowed and post 8.3 real IP should be allowed in acl. Hope this helps. RS Rate answers if it helps. ... View more

Here are couple of links that you can follow: Cisco Firewall Best Practices Guide http://www.cisco.com/c/en/us/about/security-center/firewall-best-practices.html Cisco Guide to Harden ASA firewall http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200150-Cisco-Guide-to-Harden-Cisco-ASA-Firewall.html Thanks, RS Rate if this post helps. ... View more

Hi, Check following thread: https://supportforums.cisco.com/discussion/11000121/my-asa-5505-dead Thanks  RS Rate if it helps ... View more