Hi All,
Bit of a puzzler, I've added an interface for a backup line on an ASA. The ACL for the interface is "deny ip any any". An nmap scan of the interface from the outside shows all ports *except* TCP/443 closed:
[blah]$ nmap -p0-65000 <snip>
Sta...
Hi All,
Probably a simple question but... I've got CWS set up with SSL/TLS decryption and working beautifully.
I decrypt all categories and let the existing HTTP rules dictate blocks and that works fine, for categories and blocked user agents.
How...
All, Can I just check my thinking? In the old ACS 4 world you could use HCAP to offload posture checking to Microsoft NAP as in: http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns171/ns466/ns812/guide_c07-491729.html I don't see anything for ...
Hi all, I think a quick question for you... Am I right in thinking I can run IPSEC in main mode if I know the IP address of all my L2L VPN end points? (They all have static IPs) I can disable aggressive mode in IOS in this scenario? I would only need ag...
Hello All, How can I restrict traffic that comes in to my router over an established classic IPSEC tunnel (crypto map, etc.) assuming I don't control the remote end? I know with a VTI I could just bind an ACL to it, is there a way to apply an ACL to de...
Good thought! It is enabled:
http server enable 443
But it's not bound to that interface (an inside one and a management one) and even then it's not 0.0.0.0 but selected subnets that wouldn't match this test. Anything else I'm missing?
That's a great answer, much more elegant than where my mind was going! Two quick questions... Does that mean ACS returns both attributes if defined in the profile, even if one has an empty value? Any reason to use "0.0.0.0" as a default over just blank ...
Ha, funny you should mention that. I accidentally started the wrong VM and instead of bringing up a plain ACS install I brought back the old primary. For anyone else who reads this... At this point, both thought they were primary and both thought the o...