We have an ASA5520 firewall, IOS 8.0(4), running in routed mode with an operational Cisco 2821 router to ASA-5520 L2L IPsec VPN. All Internet searches explain how to enable a L2L IPsec VPN from the LOWER security-level interface to a HIGHER security-level interface, and this is how our setup is configured; it is operational and working fine. We now have a need to set up another L2L IPsec VPN tunnel on the same firewall, BUT this time traffic will be arriving on the HIGHER security-level interface and the destination is a LOWER security-level interface. Is it possible to enable a L2L IPsec VPN tunnel between a HIGHER security-level interface and a LOWER security-level interface?
Is it possible to have Content Security and Control Security in an ASA 5585-X? I'm asking because the CSC-SSM is only supported in the ASA 5540, 5520 and 5510, and I don't know how this feature can be supported on a new ASA 5585-X.
I have to upgrade an ASA 5510 CSC, and the new license is generated; in the file licensing sent me, I only see this: "Activation Code not required for this renewal. Please go to "Administration > Product License" in the CSC SSM console and click "Check Status Online" to get the latest expiration date (BASE: 09/04/2014, PLUS: 09/04/2014)." Does this mean that I do not have to make any upgrades or license change on the ASA? Is the update made automatically?
ASA code 8.3 and higher uses NAT objects and totally changes the NAT rule config. I am new to FWSM, but was wondering if this is comparable? I am looking at upgrading FWSM 3.1(16) to a higher 4.1 version, but have a feeling this could be a huge task if the NAT config changes as with the ASAs.
I recently had an issue with connecting Cat4500-E switches with SupIV to CAM. I received the error message "unable to control x.x.x.x". The whole problem was that the switch OID was not in the database of CAM. For those experiencing the same problem, go to the following on the CAM:
Device Management > Clean Access > Updates > Update CHECK "all" options and RUN UPDATE!
I have an ASA 5520 in my company which does all our NAT and firewall access control. Currently there is a rule in place to allow an incoming connection on port 2222 from a specific IP address to allow access to a web app our developers created. This is a test before the web app is released live. Now the web app can communicate with the specific address and port, but the incoming connection on port 2222 isn't getting through. Everything looks great in the firewall, but how can I log any hits this ACL takes to identify any potential problems?
I have a tunnel between a PIX 515E version 7.2(2) and a Cisco 3800 version 12.3(11r). There is a mismatch somewhere in the configs, but I cannot find it. I have included the configs and the syslog errors.
How do I disable XAuth for remote VPN users on the ASA 5510 running 7.2(1)?
HPMFIRE(config)# tunnel-group vpn3000 general-attributes
HPMFIRE(config-tunnel-general)# authen
HPMFIRE(config-tunnel-general)# authentication-server-group none
ERROR: The authentication-server-group none command has been deprecated. The isakmp command in the ipsec-attributes should be used instead.
I couldn't find anything under isakmp to disable it.
McAfee scan of an ACS 1113 appliance running the 4.2 build 124 patch 12 version reports that a medium vulnerability exists because the system has SSH version 1. Is there any way to specify only version 2 or turn off SSH?
I am on BrightHouse cable internet and running a Netgear WGT624 v3 wireless router with WPA-PSK + WPA2-PSK. Computer1 is the only computer on the network at present and is connected via CAT5 cable. No wireless computers here are turned on. If I enable the wireless radio, my SpeedTest (www.speedtest.net) result is consistently 2 to 3 Megs slower than when wireless is turned off. I have run this comparison over a dozen times spread out over about a 14-hour period.
I have an ASA 5510 running ASDM 6.4(9) and Cisco Adaptive Security Appliance Software Version 8.4(4)1. I am trying to configure it for the first time and I am accessing the ASA via its Management interface. I am successfully able to connect to the device and get to the Cisco ASDM 6.4(9) page. When I try to run the startup wizard, a couple of prompts display up to the point where the Java applet runs and asks me to enter my IP, username and password. As it is a new system, the password and username are blank, so I press enter and I get a message saying "loading software from cache" which later changes to "software Update completed" and then nothing happens. I am running Mac OS X 10.7 Lion, Java version 1.6.0_33. I did try to run this on a Windows system and I was able to load the interface.
Is it possible to lower the power draw on the Aironet 1552e AP (AIR-CAP1552E-N-K9) so it will run on a standard PoE device (IEEE 802.3af)? The spec sheet for the AP says you need to either use the Cisco PoE injector (AIR-PWRINJ1500-2=). Is there possibly a firmware upgrade/downgrade or some sort of command I can use? The APs being used are running LWAPP and require a controller.
I'm a bit confused about the new NAT functionality in Ver 8.4(2). I've gone through all the documentation as well as different blogs but am still not clear about various things. One of these is NAT-CONTROL. I understand that this has now been removed. Does this mean that traffic traversing the ASA doesn't need any NAT'ing commands unless specifically required by the administrator? In other words, by default traffic is allowed through the firewall without any NAT'ing.
My Second Query
I've an ASA5520 running ver 8.4(2). For the inside interface, I've created 13 sub-interfaces under Gi0/1. All have the same security level, i.e. 100. What I want to achieve is that: traffic from these sub-interfaces should be NATted to the outside interface when going to the internet, but intra-sub-interface traffic should be allowed without NAT'ing. I'm using RFC1918 on both sides, i.e. source / destination. The first point is not a problem; it's working. However, I'm struggling with the second point. On ver 8.2, it wasn't a problem; I used NAT 0 with an access-list permitting RFC1918 addresses as source and destination.
I am in the process of replacing a Cisco ASA 5510 with 7.3 OS with a new Cisco ASA 5515X with 8.6 OS. In the existing Cisco ASA 5510, we have configured 'no nat-control', for which the traffic from all sub-interfaces was flowing to the lower security interfaces without any NAT command. Just access-lists were configured. Now how do I achieve the same in the Cisco ASA 5515X with 8.6? I do not find any 'no nat-control' command available for it.
I have a 1.25 Mbps download and .2 upload speed. I have a Netgear N600 router and have wireless and cannot change to wired. I have around a 120 ping almost always. My current speed is the best in my area too. Is there any kind of equipment that will give me a lower ping for online gaming? Are there any router settings for this?
I just recently purchased a Linksys WAG320N and replaced a setup with a Linksys AM200 modem and a good ole Linksys WRT54GL. The problem is that after the switch I immediately got around 100 KB lower transfer speeds no matter what source I use or kind of transfer I perform. If I earlier got, for example, 860 KB/sec, I now only get 760 KB/sec. I've set the modem/router up pretty much using the default values; are there any settings I could change to get a more efficient use of my bandwidth? I am using the provided network cable that came with the WAG320N, but I have also tested with other Cat 5 cables. The file transfers are taking place using cable-attached devices only.
I am using a Linksys E3000 router and a Linksys AE1000 adapter with an XP system. For some reason the adapter always has to reconnect, disconnect, reconnect, and even with a good connection it only has a maximum speed of 144 Mbps. How do I reset the adapter or the router so it won't get disconnected so often and maximize the speed?
I am currently migrating a NetScreen firewall to an ASA 5515 version 8.6. The issue is setting up the management connectivity.
Basically the management IP of the Cisco ASA is not advertised. But we want to route a management IP through the management interface to interface Gi0/2.
So the IP of the management interface is, say, 126.96.36.199, and the IP of the inside interface is, say, 188.8.131.52/24. On our router we have a static route sending 184.108.40.206/24 to a next hop of 220.127.116.11 (management interface of the Cisco ASA).
On the Cisco ASA, can I send the traffic to the inside interface and manage the firewall via SSH that way?
I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9, but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same subnet (VLAN) as the host and its default gateway. The reason I'm doing this is we're installing UAG (or DirectAccess) and the UAG appliance needs to have public IPs but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505s running 8.2), it almost seems like I need to have the transparent firewall 'in-line' to the ISP router, but this router services another IP address range on another VLAN for other (routed) firewalls (not shown on the diagram), so putting it 'in-line' is not possible. Surely this can't be the case, can it? If not, how is it supposed to be cabled up and configured so packets go through the firewall?
My client has the inside network on interface gig0/1.100 and the guest network on gig0/2.200. The whole 10.77.1.0/24 network needs to be able to reach the server with IP 10.47.47.80 using HTTP. The access list is in place on the guest interface to allow traffic to the server. The problem is that when I do a packet trace to see the traffic flow, it is dropped on a NAT rpf-check. NAT control is disabled.