Cisco Firewall :: Configuring New ASA 5520 With AIP Module?

May 14, 2011

I am configuring new ASA 5520 with AIP module for our network with HA (2 boxes), would be the best practice to configure in order to protect web servers and email server.

View 2 Replies


Cisco Firewall :: Configuring QOS On ASA 5520 Release 8.0(2)?

Jun 20, 2011

I present wish to develop a policy and template for QOS on our ASA 5520 release 8.0(2) we presently have wish to do server hosting in our network for other organization,which the they will be able to access their servers they have both public and private addresses. we do have our one servers also already in production all behind the ASA And therefore we wish to apply qos on the servers to be hosted and we wish to do this on the ASA. how to go about this to apply qos on the ASA?

View 3 Replies View Related

Cisco Firewall :: ASA 5520 - Configuring Dynamic NAT And PAT

Jan 13, 2013

To configure a dynamic NAT, PAT, or identity NAT rule, I need to perform the following steps: 

Step 1 From the Configuration > Firewall > NAT Rules pane, choose Add > Add Dynamic NAT Rule.
The Add Dynamic NAT Rule dialog box appears. However, when I click on Add I don't get the option to Add Dynamic Nat Rule. To see the options I get please see attachment.
The following is a capture of the show version:
ciscoasa# show ver Cisco Adaptive Security Appliance Software Version 8.4(2) <system> Device Manager Version 6.4(1) Compiled on Wed 15-Jun-11 18:17 by builders System image file is "Unknown, monitor mode tftp booted image" Config file at boot was "start up-config"
ciscoasa up 16 mins 57 secs Hardware: ASA 5520, 1024 MB RAM, CPU Pentium II 1000 MHz Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB  
0: Ext: GigabitEthernet0 : address is 00ab.a72f.0100, irq 0
1: Ext: GigabitEthernet1 : address is 00ab.a72f.0101, irq 0
2: Ext: GigabitEthernet2 : address is 0000.ab6d.9802, irq 0
This platform has an ASA 5520 VPN Plus license. Serial Number: 123456789AB
Running Permanent Activation Key: 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
Configuration register is 0x0
Configuration has not been modified since last system restart.

View 8 Replies View Related

Cisco Firewall :: Asa 5520 - How To Filter URL Which Includes HTTPS Using CSC SSM Module

Jan 7, 2011

How to filter URL which includes "https", using the csc ssm module?

View 5 Replies View Related

Cisco Firewall :: Configuring Virtual MAC Addresses On ASA 5520?

Jul 21, 2012

I configure the virtual MAC address for a interface on ASA 5520, will enter the following command on the active unit:
failover mac address Inside 0012.3456.789a 0023.4567.89ab
The active MAC address is of the same as the Inside's burned-in MAC address of the active unit.Similarly, the standby MAC address is of the same as the Inside's burned-in MAC address of the standby unit.Do I get the effect of failover mac address command?

View 1 Replies View Related

Cisco Firewall :: Configuring Inbound Access On ASA 5520

Dec 18, 2011

I have successfully been able to allow outbound access from inbound hosts  on the appliance; however, I have only one outbound IP address and had to configure outbound access using static PAT.  What I need to do is to configure access to certain inbound hosts from outside.  What's wrong with my running config?  Below are the commands that I believe need to be changed from the configuration. [code]

View 14 Replies View Related

Cisco Firewall :: 5520 - Configuring ASA Management On Sub-interface

Jul 27, 2010

I have two ASA 5520 with 4 Giga interfaces and 1 management interface.
I need to use 4 interfaces four data traffic
1- Inside
2- Outside
3- dmz-1
4- dmz-2
The remaining will be the management interface only.How can I configure the Statefull failover and Management?
1- I used the management0/0 for The stateful failover.
2- I used gig 0 for outside
3- I used gig 1 for inside
4- I used gig 2 for dmz-1
5- I divided the gig 3 to two sub interfaces
a- gig0/3.1 for dmz-2
b- gig0/3.2 for Management and I defined it as a management-only

View 6 Replies View Related

Cisco Firewall :: ASA 5520 CSC Module Per Subnet / IP Group Inspection Profile

Sep 7, 2011

verify if the ASA 5520 CSC module way of applying security policy (http, smtp, pop3, etc.) is per network/subnet or group of users? Based on my understanding through reading, web and email protection profile/config is global. It will be the same to every network user that is redirected via service-policy config on the ASA.
Scenario: I have two VLAN, guest and employee. Of course guest and employee have different web filter profile. Can i configure it such that guest web-filter profile is not just strict while employee's access is limited only to productive internet sites.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 Configuring Active Standby High Availability

Nov 1, 2011

I am new to Cisco firewalls. We are moving from a different vendor to Cisco ASA 5520s.I have two ASA 5520s running ASA 8.2(5). I am managing them with ASDM 6.4(5).I am trying to setup Active/Standby using the High Availability Wizard. I have interfaces on each device setup with just an IP address and subnet mask. Primary is and secondary is The interfaces are connected to a switch and these interfaces are the only nodes on this switch. When I run the Wizard on the primary, configure for Active/Standby, enter the peer IP of and I get an error message saying that the peer test failed, followed by an error saying ASDM is temporarily unable to connect to the firewall.

View 5 Replies View Related

Cisco WAN :: Configuring Xconnect On 6708 Module

Dec 29, 2010

i have 2 X 6509 with 6708 & sip-400 with spa 1XOC-48.i need to have a layer 2 tunnel between them.can i have a vpls configuration with that scenario ?, meaning configuring the Xconnect on the 6708 module and the sipspa will do the vpls encapsulation ?

View 1 Replies View Related

Cisco WAN :: Configuring 1841 Router With WIC-ADSL1 Module?

Aug 16, 2011

I only know a little about programming a CISCO router but I know the config I setup is not working...
Here is what I want to do...
The ISP provides us with IP Addresses via DHCP. Our public address is NOT static so the interface on the DSL Module needs to be provisioned to get a DHCP address with a CLASS C License.The IP address of the Router should be subnet= LAN Clients need receive their IP address via DHCP EXCEPT for a range of 100 addresses. The lan Clients only need about 40 DHCP addresses.ONE of the Lan Clients ( needs to have ports 25, 1723, and others forwarded to it. 
Below is the config I am trying to use but I can't even ping the router from the LAN.

View 41 Replies View Related

Cisco WAN :: 3945 - Configuring Routing With Switch Module SM-ES3-24P

Oct 11, 2011

We have Cisco 3945 Router with SM-ES3-24P Switch Module. when we tried to configure routing in Router and Layer 3 ports on Switch module, the inter-communicaiton is not working?
how we can use routing in 3945 with SM-ES3-24P module?

View 2 Replies View Related

Cisco Switching/Routing :: Configuring EtherSwitch Module On A C2911 ISR G2?

Jun 12, 2013

We just received a new C2911 G2 ISR and have been trying to configure the EtherSwitch SM-ES2-24-P module on it. Through the router console, I tried assigning an IP address to the router Gi1/1 interface which I assume is the link to the Etherswitch module but all I'm getting is "IP addresses may not be configured on L2 links" - as per the docs, I should be able to assign an IP address on that "logical" interface link.  Any other way for me to configure the ports on that switch module? 

View 5 Replies View Related

Cisco Switching/Routing :: Configuring 1941 With 8 Port EHWic Switch Module And Onboard GE Ports In Single LAN?

Jul 1, 2012

Can you configure a Cisco 1941 to use an 8 port EHWic module and the 2 onboard GE ports in a single LAN?

I've discovered you can't have the on GE ports associated with a VLan, and I'm when I've previously researched for a solution, bridging was mentioned but I cannot seem to get it to work (or completely understand it)The reason I would like to use all 10 ports on for the LAN is becuase I have 10 devices I need to connect to the 1941?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Configuring AAA On ASA 5520

Dec 15, 2012

We have an IAS (Internet Authentication Server) to authenticate all our network devices. This server is integrated with our local AD server so that we can use our domain credentials to login into the netwoerk devices. i have successfully configured all our L2 & L3 switches with IAS but facing issue with ASA 5520. Below is the config i have applied on ASA. When i am testing the authentication with IAS server, i am getting "Authentication Successful" message.
aaa-server AAA protocol radius
aaa-server AAA host
key *****


Also when i am trying to telnet the Firewall, i am directly getting password promt. I should first get the username promt wherein i can enter my domain username.

View 1 Replies View Related

Cisco Security :: Configuring SSL Certificate On ASA 5520

Jun 20, 2011

I have a SSL certificate from a third party that is showing under the Identity in ADSM, howerver the audit scan of the firewall shows that the SSL Certificate Signed with an unknown certification Authority. I have installed the Intermediate Primary and Secondary Certificate from the third party under the CA Certificate of the ADSM however when I verify the SSL certificate it still shows as self-signed. What other steps do I miss. I have attached some screenshots.

View 2 Replies View Related

Cisco VPN :: Configuring Split-tunneling On ASA 5520

May 28, 2012

I have some troubles configuring split-tunneling on ASA 5520.Number of remote users establish ipsec connection with ASA 5520 (in central office) using ubuntu vpnc-client.Split-tunneling is in use, to allow remote users to surf Internet using their ISP.The goal is to remove the possibility to ssh/telnet servers inside corporate LAN for remote users. [code]

There is nat enabled on interface, but there is special statement in nat0 ACL for subnetwork access-list INSIDE_LAN_nat0_outbound extended permit ip problem is that remote users can easely ssh and telnet servers in INSIDE_LAN network. Whatever i put in INSIDE_LAN_in ACL, remote users still have full access to this network. Restrictions in REMOTE_split ACL don't work either.

View 2 Replies View Related

AAA/Identity/Nac :: Configuring Authorization ASA 5520 - Level 15

Sep 10, 2012

I have an ASA 5520 8.2(5) with ACS 5.1, I made the configutation of Authentication and is working well, now how I can configure the authorization and get  into the privileged level 15 mode directly.

View 6 Replies View Related

Cisco Firewall :: ASA Version 9.0(1) / Configuring NAT On Intranet Firewall?

Dec 26, 2012

configuring NAT on intranet firewall. here is the my topology:
  DMZ Network  - - - - - - - - - External Firewall   - - - - - - - - - Internet
  Internal Network  - - - - - - - - - Internal Firewall  
1) I can Ping the intneral host from external firewall, internet firewall and DMZ network

2) Both ASA's are running OS Version 9.0(1)

3) ACL used permit IP any any, on both (i.e inside and outside)
NAT configuration on Internal Firewall  (Identity NAT)
object network MGMT-SRV-INSIDE           subnet
object network MGMT-SRV-identity
 object network MGMT-SRV-INSIDE           nat (Inside,Outside) static MGMT-SRV-identity


View 1 Replies View Related

Cisco Firewall :: Different Between ASA-5520-K9 And ASA-5520-K8

Nov 2, 2012

We were using ASA-5520-K9 with  ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.

View 1 Replies View Related

Cisco Firewall :: Configuring ASA 5505 Firewall

Sep 21, 2012

I am configuring a Cisco ASA 5505 firewall.In the office there is 1 x SBS 2008 server and 5 x PCs, all sat behind a Netgear DGN1000 ADSL router.We want to implement a ASA 5505 for added security.I have configured the internal interface of the Cisco ASA 5505 to be - this is connected to local switch. The client PCs use as their default gateway.I have configured the external ASA 5505 interface to be x.x.x.217. [code]Change the current router status from Router/Firewall/Modem to Modem only (Bridge mode). The ASA 5505 has its outside interface connected into one of the LAN ports of the netgear. The lan port has an IP of

View 3 Replies View Related

Cisco Firewall :: 5585-x With IPS SSM 40 Module

Jun 2, 2013

We have installed 5585-x in active/active mode with transparent firewall. We have created two virtual sersors for vs1 and vs2 in IPS module and linked with ASA context C1(vs1), C2(vs2) and admin(vs0).

As firewall is working in transparent mode, we have bridge IP address for context C1 and for context C2

I have added default routed for context C1 .It is in the outside of asa and SVI on switch.For the other context C2

IP address range for the IPS module and what should be the gateway for IPS module.AS the traffic is coming from outside and going to inside interface of ASA.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - CSC SSM Module

Mar 24, 2011

I am using an ASA5510 and I would like integrate the CSC SSM module in it. What is the Process to upgrade, is it possible and Where I can find it ?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 With IPS Module?

Oct 1, 2012

I have a couple of ASA 5510 firewalls configured and working.  I'm now charged with configuring the IPS modules.  I'm having to do this remotely.  Since the IPS module hasn't been configured I'm guessing it's on with the default username/password.
I'm told that the workstation I access from connects through a switch to the ASA and to the IPS.
I've set the ASA management port to  I can't ping - not sure I'm supposed to be able to.  In the ASDM, Configure IPS prompts for an IP address.  Entering returns "IP address of the management port is unreachable". 

View 4 Replies View Related

Cisco Firewall :: AIP-SSM-10 Module For ASA 5510

Jul 5, 2012

How can I update the expired certificate in AIP-SSM-10 Module using CLI or ASDM.....Here;s the output from the device....and also is there a way I can generate some daily or weekly reports in a graphs.
edge-s2# show versionApplication Partition:
Cisco Intrusion Prevention System, Version 7.0(2)E4
Host:    Realm Keys          key1.0Signature Definition:Signature Update     


View 1 Replies View Related

Cisco Firewall :: ASA 5540 IPS Module Removal

May 20, 2012

I have 2 ASA 5540's that I want to run in HA A/F.  The active ASA has an IPS module running.  I no longer need this and would rather remove it than purchase another module for the spare.  What is the process to do this safely? After removal will the HA wizard recognize that the module was removed or do I have to update the software?

View 3 Replies View Related

Cisco Firewall :: ASA 5550 Module 1 Interface

Oct 25, 2011

Is it possible to use ports from 2 SFP and 2 RJ45 Interface on ASA 5550 Module 1.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Csc Module Hangs Up

Aug 15, 2011

As i'm facing the issue with Cisco CSC module installed on ASA 5510, It hangs up and doesnt work sometime, so it is bypassing all the traffic without inspection through CSC module. After restarting ASA 5510 box, it works fine as it used to work. Now, My question is how can i refresh the module again without interrupting the ASA box/ and how can i avoid this problem forever? Because i cant interrupt the daily work due to this module problem by restarting the box again and again.

View 1 Replies View Related

Cisco Firewall :: Configuring NAT In 8.3 Using DMZ 2

Sep 26, 2011

We have a requirement where we need to enable a dynamic NAT from DMZ-1 to Inside, I gave the command below, but for some reason it does not work.nat (DMZ-2,Inside) source dynamic any interface,NOTE: The access-list is permitting all the traffic from DMZ-1 and Inside (for test)

View 1 Replies View Related

Cisco Firewall :: ASA CX Module Is Now Compatible With 5512x - 5555x

Jan 6, 2013

i found this part number for asa5512x product "ASA5512-SSD120-K9" it's a New Product Hold and under group "Cisco ASA CX Context-Aware Security" Who have know more information about this? Cisco ASA CX Context-Aware Security ASA5512-SSD120-K9 ASA 5512-X with SW, 6GE Data, 1GE Mgmt, AC,3DES/AES,SSD 120G

View 3 Replies View Related

Cisco Firewall :: IPS Module Setup On 5500-X Series ASA

May 16, 2013

Since the 5500X series firewalls use a software IPS SSM that is set up differently from the old ones, I am a little confused on the initial setup.
we see a proposed setup for L3 management of the IPS
interface GigabitEthernet0/0
nameif outside security-level 0
ip address


View 1 Replies View Related

Cisco Firewall :: ASA 5580 With 4*10 GB Module Act / Act Failover Not Working

Jul 11, 2012

If we switch from primary to secondary firewall the interfaces on the secondary  go to state waitung than to failed. after awhile the secondary gives the control to the primary.
it seem that traffic passes the secondary firewall during this short failover time . we have several context created  on the firewall, Switch Ports checked , cabeling check everythink checked
blackhole Interface inside ( Normal (Waiting)
blackhole Interface shared ( Normal (Waiting)         
blackhole Interface inside ( Failed (Waiting)
blackhole Interface shared ( Normal
blackhole Interface inside ( Normal (Waiting)
blackhole Interface shared ( Normal

View 5 Replies View Related

Cisco Firewall :: Does ASA Services Module 9.x Is Compatible With CAT6500

Jan 3, 2013

I am trying to figure out if the new code for ASA SM 9.0(x) or 9.1 is compatible with CAT6500 but I could not find any document that explicity confirms the the INCOMPATIBILITY. This table from the Release notes is not quite clear.

It says that code 8.5 is compatible with Cat6500 and version 9.X is compatible with R7600.So are the two different trains now, one for Cat6500 and one for R7600?
My real goal is to find the correct software versions (not interim) that provides compatilibity with Catalyst 6500 with Supervisor 2T  and ASASM.

View 3 Replies View Related

Copyrights 2005-15, All rights reserved