Cisco Firewall :: ASA 5585X URL Filtering / Unable To Support CSC Module?
Aug 22, 2011
Because ASA5585X doesn't support CSC module, how can I do URL filtering on ASA5585X?
Does ASA 8.3 support MAC address filtering? I want to allow a single specific laptop to log in to the ASA 8.3 firewall (for management) from anywhere on the internet. I know I can do it through VPN but I want a simple MAC address access list or something......
I know the 5510 & 5520s support the CSC-SSM module for Content Filtering (Anti-Phishing, Anti Spam, URL filtering, Anti-Spyware & Antivirus), but what about content filtering for the ASA5525-K9? The problem that I have is that I need a firewall that supports up to 1 Gbps Maximum Firewall Throughput and to support 250 users with Content Filtering described above. I'm using the following doc for sizing and came across the ASA5525-K9 for 1 Gbps, but not sure about the Content filtering: url...
I have come across articles mentioning that URL Filtering can be implemented by using ASA 5505 with URL Filtering Servers. But Websense and other Web Filtering Servers are paid ones? Are there any free solutions available? What exactly is N2H2? The reason is I don't want to increase the CPU utilization of ASA by implementing URL filtering within the device. If I have around 30 nodes which connect to the internet via a 2Mbps line through ASA 5505 and if I want to block around say 10 or 15 URLs, will it increase CPU utilization beyond permissible limits? Currently the CPU Utilization is around 10 - 15. Here's the infrastructure setup.
------------------------------------------------------------
Nodes -->Switches-->ASA 5505-->Internet
-------------------------------------------------------------
Looking for a recommended code on the ASA 5585x firewall. We ran into a bug (CSCtr24705) on version 8.4.2 where it rebooted the primary firewall. The bug has to do with modifying an existing ACL that's part of a custom policy-map inside a service-policy. If we upgrade to 8.4.5 (which has the previous bug fix in it), there is another major bug (CSCud70273) where if you use the packet-tracer input command on an inside interface it causes problems too.
I don't understand why packet-tracer input would have a bug associated with it when it's been around for a long time and we use it on a daily basis for troubleshooting. Is there stable code for the 5585x to upgrade to without running into possibly a major bug? This is our core firewall so there are no VPN tunnels on it. It's setup in active/standby failover in routed mode.
I am wondering what is Latency value for Cisco ASA 5585X and 5555X. I can see on websites that it says "low latency firewall" but I don't see any value.
if there is a way to configure pim-ssm on asa 5585x-ssm20.
Looking to replace an "all-in-one" type firewall (UTM/Firewall, SSL VPN) with a Cisco product - the issue I'm running into is that we have multiple ISPs plus WAN and DMZ - overall more than 5 ports on mid-range ASA devices - and from what I read, adding 4-port module precludes me from adding CSC module.
Is there a solution to that other than going for 5585-x model? (kind of over our budget, granted we need 2 for failover)
I have a circuit that will be delivered to a client next week and we are installing an ASA 5585x for them. They will have a circuit coming in with a few VLANs configured on it. One VLAN for the Internet and one for connectivity to another client.
So does the ASA allow you to create the "outside" interface on a subinterface?
I will be supporting a new ASA 5585X running 8.4 and I was wondering if it's possible to apply an ACL globally instead of it as an access group that is applied to a specific interface as in or out ... below are the interfaces and ACL.
I have an active-active setup with 2 cisco asa 5585x running 8.4 - the boxes have each 2 sec contexts built-in - which gives 4 sec contexts in the cluster. I have 2 x 5 extra licenses (2 x ASA5500-SC-5) which I haven't applied yet - will this give me a total of 10 or 14 security contexts? I am a bit in doubt because if I only get 10 sec contexts in this cluster then could I instead get a single 10 security context license (1 x ASA5500-SC-10) and add this - hereby I would get 12 then.
Is it possible to have Content Security and Control Security in an ASA 5585-X? I'm asking because the CSC-SSM is only supported in ASA 5540, 5520 and 5510 and I don't know how this feature can be supported on a new ASA 5585-X.
I want to configure 5585x Active/Standby with 2 nexus switches utilizing VPC technology. New ASA 8.4 supports etherchannel so I want to plug in 2 cables from ASA1 to sw1 and sw2 and 2 cables from ASA2 to sw1 and sw2. Is this a valid design? How would I configure that? Any design document on that?
I have an asa 5585x cluster. I get ssh access but no console access on the standby unit.
On the active unit, when I try console access, the ASA asks for a password. I have tried all the ones that I have configured, but without success.
We have a 5585X running in multi context mode, and we are getting log entries for scanning threat detection, such as:
%ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3116
Threat detection is not supported in multi context mode so I cannot tune the thresholds, is there any way that I can get rid of this outside of messing about with logging levels/message IDs?
One of my clients wants to upgrade its already installed ASA5540-bun-k9 by adding CSC-20 Module. As per below link CSC-20 is supported with ASA5540, but for any reason the ASA5540 bundle option with CSC Module is not available, which creates confusion. Will CSC-20 Module work with ASA5540-bun-k9? [URL]
We have two 6509 catalyst. We bought two new SFM-capable 16 port 1000mb GBIC/WS-X6516A-GBIC modules, but our catalysts don't support them. We don't know the reason. We tried on another 6500 series catalyst and they worked.
Here are the outputs from our 6509:
Core-SW-1#sh module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 0 1-subslot SPA Interface Processor-600 7600-SIP-600 JAE14090958
2 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL1413DX2B
3 16 CEF720 16 port 10GE WS-X6716-10GE SAL1414EL2Q
4 1 Application Control Engine Module ACE20-MOD-K9 SAD1408036Z
5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAL1414ERDT
6 5 Supervisor Engine 720 10GE (RPR-Warm) VS-S720-10G SAL1414ERE3
7 16 CEF720 16 port 10GE WS-X6716-10GE SAL1414ER93
8 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL1326SVBS
I have a couple of these routers in the lab with a very basic MPLS configuration on them. Everything works fine on the fixed interfaces but I cannot get the ldp neighborship to form between the 1FE2W interfaces on each router. Does this module support MPLS?
Below is my Topo
DUT------router(7600)------Sami module (slot 9)
I have both IPv4 and IPv6 config on all the three hops. Between Cisco and Sami module, I have the IP config on vlan interface 1400 (say). It's not on a physical interface obviously. I can ping IPv4 from DUT to Sami IPv4 address. But IPv6 doesn't work. If I add a static route to DUT network on SAMI, show ipv6 route does not show it.
Switch 6506 E with supp 720: does it support 10 GIG module?
I have a switch Cisco WS-C6509-E with a WS-X6716-10G-3C module (module for 10 GB). I have the IOS s72033-ipservicesk9-mz.122-18.SXF9.bin. I want to know if this IOS can support this module or not? Or, if I must do an upgrade, will the IOS "s72033-ipservicesk9_wan-mz.122-33.SXH8" work fine?
Does ACE service module support SHA2(256) certificates? I see that private key generation defaults to SHA1 and does not provide any option, also the cipher suites in SSL parameters map do not show SHA2 options. Can it handle SHA2 in any software release? I am currently running A2(2.3) build 3.00
In our environment we used to connect to wifi using Radius Authentication through AD Account (Encryption: TKIP and Cipher, Authentication Open+EAP and Network EAP, Key management WPA); these settings are done and pushed through AD itself. We use Cisco 1130AG, 1200 Series in most of the areas, which have no issues. But we have some trouble with the Cisco WAP4410N Access point. In this Access point users were not able to connect to wifi through Radius Authentication. However users were able to connect to these Access points, but it is unsecured: whoever configures the correct client settings in their PC can connect to the SSID. Is this Access point capable of supporting Radius Authentication?
I am trying to install SFP-GE-T module on Nexus 5548UP Switch, but it is giving the ‘SFP validation Failed’ error. The details of the switch are given below
Model : N5K-C5548UP-FA
The interface is configured with speed 1000 before inserting the module, still we are getting the same error. PFA logs for more details. We have 8 Nos of SFP-GE-T modules, all are giving the same error. We tried to insert the module on onboard as well as expansion module.
The same module is working fine on Cisco 3750X-24T-L Switch. As per the Hardware installation guide, SFP-GE-T transceiver is supported on N5K platform. Please extend your support in configuring SFP-GE-T module on N5K platform. We tried with SFP-GE-S module on the same switch, and the same is found working fine.
I am looking at deploying a pair of 5585X's in an active/active multiple context state. I am creating multiple contexts that need to be able to route to each other. I was going to deploy a type of Gateway context that has a shared interface to all of the other contexts, instead of sharing interfaces directly between the contexts. I believe this will work as basically I am just cascading the contexts and sharing interfaces.
The main problem I have come across is that if I deploy active/active across two appliances using 2 failover groups I can not see a way to route between them, for example:
I have Context 1, Context 2 and Context GW A including the shared interfaces of Con1 and Con2 in failover group 1 on appliance A with the respective standbys on Appliance 2. I have Context 2, Context 4 and Context GW B including the shared interfaces of Con 3 and Con 4 in failover group 2 on appliance B with the respective standbys on Appliance 1.
I need to be able to route traffic between Context GW A and GW B so that the contexts can communicate in normal operation and in failover. I do not believe that I can share an interface between contexts in two separate failover groups and to be honest without adding a L3 device between the appliances I am not sure if this is possible.
I am going to buy a router 2911 but I want to know if it supports an ADSL interface module as backup in case my primary WAN Ethernet link goes down, bringing up the ADSL link with a module HWIC ADSL POTS.
I noticed that the 3600 access point series will get an add-on module to support 802.11ac. This standard will support more than 1 GBit/s. But the 3600 series still only has one GBit port. Any extended information about 802.11ac in the upcoming Cisco portfolio?
1) Does the 6500 series router support supervisor module redundancy like the 7304 does? IE, can I put two identical sup720 modules in the chassis for failover?
2) Can I use any ethernet interface on any line card on the 6500 series for router interfaces? If not, which line cards work as router interfaces?
3) Differences between the 6500 series and the 7600 series? Can I use a sup720 modules from a 6500 in a 7600?
Can 10Gbase SFP+ module support 1GB traffic on a Nexus 5596T?
The module for 10Gb is Cisco SFP-10G-SR. My scenario is connecting the 10GB SFP+ module to an access switch 1GB fiber uplink, will this work?
I've been researching the 3750-x Netflow support but I'm not 100% sure of how much support it has. From what I've read the only way to get NetFlow support is to install a specific module that provides NetFlow. I also heard about how it might support s-flow but I haven't found out for sure.
I've been trying to configure Websense urlfiltering using ZFW feature on my Cisco 881G router. The router is running on IOS 15.0(1)M with Advanced IP Services. And I have confirmed it supports urlfilter feature.
This is what I tried to accomplish but IOS version 15.0x seems to have different command set.
-----------------------
class-map type inspect httptraffic
match protocol http
parameter-map type urlfilter param
server vendor websense 10.20.30.40
[Code]...
We got a requirement for 2 number of X2-10GB-SR line card WS-X45-SUP6-E in WS-C4506-E. Customer wants to connect with Fujitsu primary server. They have 10 gig module so I guess it will support with that. Also a doubt: this X2-10GB-SR we can directly connect the fiber SC multimode cable, right? No additional SFP required, right? And for my knowledge, if I use CVR-X2-SFP, I think to multimode SFP we have to insert, right? So do we get to 10 gig ports in one slot or how is it?
Could URL Filtering be implemented on Cisco ASA 5505-BUN-k9? I mean to block certain websites, like facebook, youtube, to block certain download files like .exe, .com .bat etc.... Is there any extra license needed for this, or it could be done with the simple IOS ASA5505-bun-k9?