Cisco Firewall :: Replace Zywall With 5520 ASA

Jun 24, 2012

i have to replace our zywall with an 5520 asa. [ode]

-connections from inside out outside, inside to dmz and inside to wlan.
-connections from wlan to outside, wlan to dmz
-connections from dmz to outside

connection from outside to dmz only for port 25,110,143,80,443,22 on ip 82.218.135.3.connections from outside 82.218.6.10:3389 to ip 10.1.0.200:3389. [code]

View 2 Replies


ADVERTISEMENT

Cisco Firewall :: 5520 - Procedure To Replace Failed Secondary ASA Unit

Apr 10, 2012

i just received a RMA for failed ASA 5520 that was acting as secondary unit in multicontext configuration. What would be correct procedure to install it back in production? Do i need to restore backed up config of the fallen unit or is it just enough to enable multimode and connect to existing (primary) unit? Any good link for documentation that deal with this issues.

View 5 Replies View Related

Cisco Firewall :: Firewall / Can ASR 1006 Replace ASA 5580

Oct 30, 2011

i check ASR 1006 config with ESP-40, the firewall permonce can reach 40G, ASA 5580 is 20G, can ASR 1006 replace ASA 5580, is there any function feature problem?

View 1 Replies View Related

Cisco VPN :: VPN SRP541w To Zyxel Zywall 70?

Dec 7, 2011

i have recently successfully configured an IPSEC VPN from a SRP541 to our Zyxel Zywall 70 (main site).
 
I can ping all devices on the remote Site except the Cisco-Router!I tried to disable tohefirewall and did set "Anonymous Internet Requests" to "disabled".But still no ping (and no web management) over the VPN possible.
 
I must admit i am totally new to Cisco devices (up to now, we used only Zyxel) - so is guess it must be something very basic i am missing.

View 1 Replies View Related

Home Network :: ZyWall USG20 Multiple Static IPs?

Jan 15, 2013

I've got a server that is connected to the network through one physical ethernet adapter. From my ISP, I got 4 static, public IP adresses, one of which is in use on the Host-Server itself, the remaining three each on a virtualized server. All 4 Servers are running on the same machine.Everything is running smoothly, however, I need to do some Bandwidth Management and Port Mapping, this is why I bought a ZyWall USG20, thinking it would be perfectly capable of doing what I need. is it possible, with a ZyWall USG20, to have all my four IP adresses being forwarded to the one physical machine, and apply some bandwith shaping and port mapping to it?

View 9 Replies View Related

Cisco Firewall :: ASA 8.4 - New Configuration To Replace Old NAT 0 Command

Jan 15, 2012

What is the new configuration in ASA 8.4 to replace the old "nat 0" command.

View 1 Replies View Related

Cisco Firewall :: Upgrade / Replace 515E With ASA

May 15, 2012

I need to upgrade/ replace a Cisco 515 E firewall with a Cisco ASA. Not sure what model yet! The pix has about 80 lines of ACLs and I side and outside interfaces with No VPNs.. I was wondering of those lines of ACLs can be transferred over to ASA as is or there are things I need to watch for ?

View 21 Replies View Related

Cisco Firewall :: To Replace Sonicwall NSA240 In SME Environment?

Oct 17, 2011

I am looking for a Cisco firewall to replace a Sonicwall NSA240 firewall in SME environment?

View 3 Replies View Related

Networking :: Zywall USG200 Internet Connection If Modem And Switch Got Switched In

Nov 25, 2012

I got a retired Zyxel Zywall USG200 from work. Its working just subs ran out. Was thinking of putting it on my home network, any reason not to? I'm a sys admin, not network engineer, so while I'm capable I'm not an ace with this type of equipment.. Which is why I want to mess with it. I'm currently RTFM and it seems pretty straight forward. If it seems like a viable piece of equipment I'd like to use it full time.
How bad can I break the internets and subject myself to the wrath of my wife's downed internet connection =D if I plug it in between modem and the switch?

View 2 Replies View Related

Cisco Switching/Routing :: 1921 To Replace A Software Firewall

Feb 26, 2013

We purchased a cisco 1921 router to replace a software firwall not long ago. The router was sold as a firewall with the suggestion that an ASA would be unnecessary.Unfortunately a router does not replace/do the jobs a firewall does, so I looked online and noticed that Cisco do offer firweall security features in one of their IOS.How do I tell if this is implemented on my router?If not, does my IOS support this, or do I need to buy an extension/another version of the IOS?,The version of the IOS I have is: c1900-universalk9-mz.SPA.151-4.M4.bin.

View 3 Replies View Related

Cisco Firewall :: Different Between ASA-5520-K9 And ASA-5520-K8

Nov 2, 2012

We were using ASA-5520-K9 with  ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.

View 1 Replies View Related

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
 
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
 
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 - Routed Management Interface On Transparent Firewall?

May 5, 2013

I have an asa 5520.  How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?

View 1 Replies View Related

Cisco Firewall :: 5520 Identity Based Firewall Doesn't Work Using Citric Published

Jul 26, 2012

We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA Firewalls 5520 are having the software release 8.4(3)8 installed.When somebody tries to connect thru the Identity based firewalls from a citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in. The user-of-ip mapping of the PDIs IP-address shows mostly other users, which then are used to authenticate the acces thru the firewalls.
 
What is interesting, that on the AD Agent using "adacfg.exe cache list | find /i "USERNAME"" i can't see the PDIs IP-address neither because it is mapped to another user.Is Citrix Published Desktop environment supported to connect thru Identity based Firewalls? How AD Agent, Domain Controllers and Firewalls are working together? On the firewalls with "show user-identity ad-agent we see, the following:
 
-Authentication Port: udp/1645
-Accounting Port: udp/1646
-ASA Listening Port: udp/3799
 
Why Cisco does use 1645 and 1646 and not 1812 and 1813?The Listening Port is used for what purpose? we tried the AD Agent modes full- download and on-demand with the same effect.

View 17 Replies View Related

Cisco Firewall :: Launch LAND Attack Against Firewall ASA 5520

Apr 15, 2013

I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can user a spoofed address, with a cluster shell and attack the firewall interface with the source of 127.0.0.1 ore the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two host. With IP tables I can use kernel processes to prevent this. But I don´t find anything for ASA.

View 1 Replies View Related

Cisco Firewall :: 5520 Single Firewall With 2 Core Switches

Jan 4, 2012

Two different WAN links get connected to the firewall via two routers.(Different ip subnets).I need to get this two wan streams seperatly to the core switches.Core switches sits.Active/Stanby senario. If the Active core goes down Stndby Core will have take over the traffic. My design is correct ,if not what do i need to change. ASA is 5520.

View 8 Replies View Related

Cisco Firewall :: ASA 5520 - NTP Server For Firewall Clock Setting

May 22, 2013

I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
 
[URL] 209.151.225.100
  
Can I use the following command to set ntp server?
 
ntp server 209.151.225.100 source outside.

View 3 Replies View Related

Cisco Firewall :: Make Communication Between 2 Vlans On Firewall 5520 ASA 8.2

Jan 1, 2012

communication between 2 vlans.i have 2 vlans
 
Vlan 100
ip add 1.1.1.1
!
!
!
Vlan 200
ip add    2.2.2.2 
 
i want to make communication between 2 vlans on firewall 5520 ASA 8.2.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Corporate Firewall Crash

Feb 27, 2011

I have a serious problem with my corporate firewall, witch is an ASA 5520, fv 8.3, with 8 +1 interfaces. It suddenly started to crash every 10/20 minutes and rebooting alone.
 
First of all I checked system resources witch are in a very low usage state. I also checked interfaces errors, but nothing strange come out o from error counters analysis. I tried disabling logging and all the service policy rules configured, but nothing changed.
 
Nothing changed and firewall continue restarting by itself.
 
Last logs I received before crash were:
 
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =   0x084A619E  0x084A6512  0x084A70E1  0x084A7987  0x084A7AAA  0x08558B9B  0x08558E8A  0x083D3518  0x083CA145  0x080659D1  0x089196D9  0x08919790  0x089FF711  0x08A27468

Here the sh crash info command on module 0, after last reboot:
[Code] ......

View 12 Replies View Related

Cisco Firewall :: 5520 Firewall Management Port

Nov 29, 2011

we are having a firewall asa 5520 .we have connected the  management port and inside port to internal network and dmz port to dmz network.now we need to configure tacacs and other management tool on dmz devices through management port. The problem is the management devices tacacs and other are placed in internal network.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - NAT And Firewall Access Control

Oct 4, 2012

I have an ASA 5520 in my company which does all our NAT and Firewall access control.  Currently there is a rule in place to allow an incoming connection on port 2222 from a specific ip address to allow access to a web app our developers created.  This is a test before the web app is released live.  Now the web app can communicate with the specific address and port but the incoming connection on port 2222 isn't getting through.  Everything looks great in the firewall but how can I log any hits this ACL takes to identify any potential problems?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - VPN Traffic Is Getting Dropped Through Firewall

Apr 8, 2011

Our Local Network is behind the CISCO ASA Firewall.Whenever we are accessing to Client VPN server,it is getting connected but after few Minutes (May be 5/10/30 Min),the sessions are terminating. The same traffic through PIX is no issue , only with ASA Firewall. See the following Error and request you give the possible root cause for this.
 
2011-04-09 16:15:09    Local4.Info    172.16.1.68    %ASA-6-302016: Tear down UDP connection 87447908 for OUTSIDE:68.22.26.66/4500 to inside:172.16.9.10/4410 duration 0:27:49 bytes 18653

View 1 Replies View Related

Cisco Firewall :: 5520 - Firewall Behind Two GLBP Routers

May 29, 2012

I have problem in the configuration of Cisco ASA 5520, IOS version 8.4. The connection is as follows: LAN network--> Firewall --> Routers with GLBP with virtual ip address. the clients can not ping the virtual interface of the GLBP group, but I can ping it from the firewall, and I can ping the clients from the firewall, I checked the packet tracer it gives :
 
Phase: 7
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside10,outside) source dynamic LAN interface
Additional Information:(code)

View 1 Replies View Related

Cisco Firewall :: Does ASA 5520 Have Layer 7 Firewall

Oct 24, 2012

Need to know if ASA  5520 does Layer 7 firewall or  not?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 (Ver 8.2) - HTTP Behind Firewall

Jan 26, 2012

Two days ago, we changed our old 525 with asa 5520 ( ver 8.2 ). Configuration is the same, except the version. It even retains the same global interface and static public ip address as the old device.All worked well during that period.
 
Yesterday, one of the http applications , not tested other day, was found not to be working. To test, we switched back to the old 525 , however nothing was working when we did that.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 CPU Utilization Is 100 %

Sep 27, 2011

We have configured 20 route in ASA 5520. The CPU usage goes to 100 % at the moment when we add a specific route.route inside 10.254.101.0 255. 255. 255.0 10.254.102.254 1.This is the same case when we add this route at the first cli or as the 10th cli or the 21 cli (errespective of the position of cli) There is an another route out of which 20 routes we have configured is route inside 10.254.103.0 255.255.255.0 10.254.102.254 1.The normal case if we dont add the problamatic route , then the CPU utilization is only 2 %.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 With Failover NAT With Two ISP?

Jun 20, 2011

Currently we have one ISP1 and all traffic goes to this way. Suppose our isp1 goes down, our outside user cant get the server. All servers are nated to this ISP1.We planned to purchase a another ISP2. Shall we Configure same inside server to map this ISP2? so that one primary ISP1 goes down it will take place the outside trafficISP2.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Nat Translation Max?

Aug 24, 2012

I am going with ASA 5520, know how many NAT translation is possible.

View 2 Replies View Related

Cisco Firewall :: Can Buy Plus License For ASA 5520

Jan 11, 2012

Can i buy a plus license for asa 5520??

View 2 Replies View Related

Cisco Firewall :: 5520 / Does ASA Have Open SSL

Mar 19, 2013

On one of our firewalls we hosting a application/service which impacts clients and we recently conducted a Pen test, the external company doing the Pen test have advised us that there is a vulnerability relating to OpenSSL. We have checked the server and there is no OpenSSL installed so the only place where it could be picking this up is on the ASA, is this correct?Here is the report from the company that conducted the test:4.3 Network Security An outdated OpenSSL package was identified that was vulnerable to a heap corruption bug that may be exploited by an attacker to acquire command execution on the host, or to create denial of service conditions. Table 7   provides an overview of the risk identified per network assessment category,   along with recommendations for resolving the issues identified. Category

Risk
Summary
Recommendations
Patch Management
High

The OpenSSL package installed   on one host was identified as being outdated and subject to a heap corruption   bug. Update the outdated /  vulnerable OpenSSL package to the latest stable version. We have an ASA5520 and running the following version: Cisco Adaptive Security Appliance Software Version 8.2(5)2 How do we check the OpenSSL on the ASA and secondly do we need to update the ASA software version ?

View 3 Replies View Related

Cisco Firewall :: ASA 5520 - How To See Write Log

Aug 5, 2011

I want to see log for write on ASA5520. who & when write lastly and who write before. How to see this log. In show vershon i see last modified date, but not log.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 Failover With SLA?

Jul 19, 2011

Is it possible to setup 2 x Cisco ASA 5520 that are in an Active/Standby failover using sla monitoring?
 
For example ASA1 outside interface connects to an upstream switch and you setup sla monitor with icmp echo to ping that switch. The switch goes down and you need the other ASA2 to become the Active ASA. Can the sla monitor be automatically integrated with the failover commands for this to happen?

View 5 Replies View Related

Cisco Firewall :: 5520 Can Get An 8.6 Version

Apr 8, 2012

We want to make an upgrade of one of our customers' ASA 5520 (with failover). They have version 8.2 now and we want to get the more stable newest one. Can we get an 8.6 version? or we need an ASA 5500X for that one?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved