I have an extended ACL applied inbound to my two external interfaces (two separate ISPs using BGP). Within the ACL, I have an ACE for allowing established TCP connections, i.e. "access-list 100 permit tcp any any established". Will this cause a prob...
I am concerned about IPv6 traffic infiltrating my network before I'm ready to accept it. Do I need to configure an IPv6 ACL to deny any any IPv6 traffic if I'm only using IPv4? Can you have both an IPv4 and IPv6 ACL configured on the same interface?
I am attempting to establish an FTP connection with an outside vendor FTP server in order to download software patches. The vendor's FTP server switches to Passive FTP mode which means my client has to reconnect to the server using high ports for both...
I am configuring a Cisco ASA5540 using ASDM (ASA OS ver 8.03 and ASDM ver 6.03 respectively) and there seem to be several common TCP and UDP ports missing from the "predefined" services ports list, i.e. Kerberos (TCP/UDP 88), DCE endpoint resolution (T...
When I log into a Cisco device, I am prompted to enter username/password. Once authenticated, I have to enter the "enable" command and then enter my password again in order to gain privileged mode access. I want to be able to go to priv mode dire...
Milan, You were correct in your suspicion that the "ip verify unicast reverse-path" configuration on the serial interface was causing the problem. You are the man!!! I apologize for the delay, but I had to wait until an optimal time to make the configu...
Milan, Sorry for the late reply but it has been a hectic day. Yes, we are able to establish the eBGP sessions with both ISPs with no problem. You also have the traffic pattern correct. We started using "TCP established" when our HQ security management ...
Hi Giuseppe, Yes, I have two entries in my ACL for BGP for each ISP. Here are the entries with a slight modification to obscure the IP addresses:
access-list 100 permit tcp host xx.xx.xx.41 eq 179 host xx.xx.xx.42 log
access-list 100 permit tcp host xx....
Hi Jon, Thanks again for looking into this for me. It is greatly appreciated. I am not using NAT on the router, just on the firewall. The keyword "established" only appears within the ACLs on the border router. The inbound ACLs are identical and permi...
Jon and Milan, Here is more info on my topology and the situation I am experiencing. I have several customers who cannot access any of my web servers when I have both ISP interfaces active. It works when I disable either of the ISP interfaces and only ...