Cisco WAN :: Anti Spoofing With 3825

May 5, 2011

Is there any way  to configure 3825 to ensure that all packets have a source IP address  that matches the correct source interface (similar to ASA's 'ip verify reverse-path interface')? Currently, we manage anti spoofing with a bunch of ACLs, however I'm looking for a more manageable solution.

View 2 Replies


ADVERTISEMENT

Cisco Firewall :: To Enable Anti Spoofing ASA 5505

Apr 24, 2011

What is Anti Spoofing in ASA 5505. Can I enable it on ASA 5505. If yes , port will be inside or Outside. ? or both ?

View 1 Replies View Related

Cisco Firewall :: IS There Any Drawback To Enable Anti-spoofing In All PIX 535

May 30, 2011

We are runing PIX 535 with software version 8.02. In ASDM,  I see  anti-spoofing is diable in all interfaces. If I enable it, is there any negative effect? Can I enable it in DMZ, inside, and outside interfaces?

View 2 Replies View Related

Cisco Firewall :: PIX 525 Anti-Spoofing Attack Protection

Mar 19, 2011

I have multiple questions about the PIX 525 software version 8.0(2) ASDM 6.0 (2)I am a windows network admin that is new to Cisco and routing in general. I have read through the forums and the Cisco documentation, but have not been able to fully understand the topics discussed within.

1. Anti-Spoofing Attack Protection
2. Scanning Threat Detection - Auto Shun
3. NTP Sync Verification
4. QoS implementation5. IOS and ASDM Backup
 
This option is currently DISSABLED for all interfaces.I know what ip address spoofing is, but what is the functionality of these options specifically? How does it work and should I enable it and for which interfaces? Second Question: Scanning Threat Detection - Auto Shun
 
I found this option in ASDM under: Configuration --> Firewall --> Threat Detection.Enable Basic Threat Detection and Enable Scanning Threat Detection are both currently ENABLED, but Shun Hosts detected by scanning threat is currently DISABLED. Also, the Networks Excluded from Shun field is empty. I know what the shun command does. I have used it many times when I have been fortunate enough to catch some piece of **** trying to spam my mail server or gain access to it.
 
What I am asking specifically is how does the Auto Shun work? Should I enable it and what are the potential consequences? Also, what exactly is a scanning attack?
 
I am not familiar enough with the PIX and with the topics discussed in the document to successfully apply the info within. Plus, I'm not sure it covers the kind of basic, all-inclusive bandwith cap I would like to put in place.
 
The goal is to cap the maximum internet (outside) bandwidth that inside5 can use to a reasonable percentage while allowing the other interfaces to have the remainder.

How would I go about this implementation? 2. Is there a way to allow inside1 - inside4 to use max bandwidth when there is no traffic on inside5?
 
I am probably, at least, the third owner of this device and I do not have an account with Cisco nor can my tiny (perhaps non-exsistant given the current economic state) IT budget afford any form of support or software licensing with them.My goal is to backup the IOS and ASDM data in the event that I have to replace the device due to a hardware failure.
 
I found a file transfer function within ASDM which allowed my to copy the files pix802.bin, asdm-602.bin and tfp from flash to my desktop computer. I also have a copy of the activation key info and my current configuration.
 
1. Have I backed up all the data/info I would need to restore this software and ASDM to another unit.
2. The activation key screen also has a serial number field. Is this the hardware serial number or is it for the software? and is it tied to this device specifically or can I use it to restore another unit if necessary?
3. Is there anything else I should do or be aware of regarding backup and restore for the PIX?
4. What is the tfp file?

View 1 Replies View Related

Cisco WAN :: IP Spoofing And Redirect Inbound Traffic C3750

Oct 9, 2012

We want design a topology based on transparent proxies using WCCP. Our proxies can do spoofing of user ip addresses. So, the HTTP request will go out our network with the user ip address as source ip. The HTTP Response will arrive with destination address the user ip address. We want use WCCP to redirect inbound and outbound traffic because we have c3750 with L2 WCCP support. The outbound redirection, when the packet is going out our network is simple. But, the problem is the inbound redirection. How we redirect this packets to proxies by WCCP?. Is it possible?. This redirection is done by c3750 using TCAMs/hardware?. Our throughput could grow until 2-3Gbps and we are worried about the performance.

View 1 Replies View Related

Networking :: Sharp Aquos IP Spoofing On LC 70LE845U

Jun 15, 2012

I just purchased a Sharp Aquos Quattron LC-70LE845U with SmartCentral user interface and I can not access any apps because I live in Puerto Rico which Sharp says is not part of the United States. I don't really care if it is or isn't but I do want to check out the apps because right now its not really a smart TV and I kinda feel a little jipped. Any way I want to spoof the IP to think that it is in the United States. However I don't think that I can go the software route because Sharp has its own operating system and browser so I don't know what would be compatible. I'm using a D-link DGL4100 router if that information is useful.

View 5 Replies View Related

Cisco Firewall :: ASA V8.4 Will Stop Pings With IPsec-Spoofing Logic

May 28, 2013

After hours of trial and error, and searching user groups, I have found that on occasion, ASA v8.4 will stop pings with the IPsec-Spoofing logic.  Interestingly, the packet-trace will say everything is allowed.
 
The fix (at least in my case, and one other) is to narrow the crypto-map to specific hosts, not subnets.

View 2 Replies View Related

Cisco :: Difference Between Anti-virus And IPS

Mar 10, 2012

If I have an updated Antivirus in my network, do you still recommend having IPS installed in my network?

View 1 Replies View Related

TP-Link ADSL2+ Wireless :: TD-W8951ND V4 - Does It Supports MAC Spoofing

Mar 31, 2013

Region : India
Model : TD-W8951ND
Hardware Version : V4
Firmware Version :
ISP :

The product manual of TD-W8951ND V4 states that it's supports MAC spoofing. But in the product itself, it is nowhere to be found. I tried contacting the customer care via email but they are too lazy to respond. If they disabled this feature then why in the world they mentioned in the manual. I double checked the manual before buying this model. Now I stuck with it.

View 4 Replies View Related

Anti-Virus For SBS 2011?

Aug 24, 2012

AV for SBS 2011 that also works with Exchange 2010? I found Trend Micro Worry-Free Business Security Advanced 7, but unfortunately it doesn't seem to have a free trial.

View 5 Replies View Related

TP-Link ADSL2+ Wireless :: TD-W8951ND V5 No Longer Have Mac Spoofing Option

Feb 20, 2013

Region : Malaysia
Model : TD-W8951ND
Hardware Version : V5
Firmware Version : V5
ISP : Streamyx

TD-W8951ND V5 No longer have Mac Spoofing support.i just bought this modem since my old one is faulty. and i realize that my modem is V5 my previous modem is V4 and there is Mac Spoofing support there.

View 1 Replies View Related

What Is The Function Of Anti Static Protection

Jul 26, 2011

what is the function of anti static protection

View 1 Replies View Related

Cisco :: 5505 VPN Failed Anti-reply Checking

Apr 4, 2013

I have many VPN sites using ASA5505 with broadband connection and terminating on a single ASA5550.I have a problem with one site. they are having poor performance. One of the issues I can see is an error on the remote ASA 5505.ive tried the reccomended fix using this command: crypto ipsec security-association replay window-size 1024.

View 1 Replies View Related

Cisco Firewall :: How To Configure ASA 5510 CSC Anti X Edition

Dec 13, 2011

how to configure ASA 5510 anti X edition ? Can I have a link explaining the configuration step by step ?

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Anti-replay Window For VPN?

Aug 11, 2011

tell me the command to view current anti-reply window size in ASA 5510?

View 7 Replies View Related

Anti-virus For Virtual Dedicated Servers

Sep 5, 2011

I plan buy a virtual dedicated server, well as for anti-virus for it I am lost where to look for and what exist [what search]? any open source? url..is enough or needed additionally and other tools? Needed and software firewall to install?

View 5 Replies View Related

Cisco Firewall :: ASA5540 - Disabling Anti-Replay For Specific Tunnel

Sep 23, 2012

We need Solution for disabling Anti-Replay on the Firewall for a specific tunnel. ASA 8.4(2) ) does not support disabling Anti-Replay on specific Ipsec tunnel , is it true , then if we want to disable Anti-replay , what we have  to do in ASA5540 .

View 4 Replies View Related

Cisco 3825 Killing The CPU

Mar 6, 2012

The process is IP Input and I'm not really sure how to troubleshoot it. I've read through all the doc's on high cpu load if I shutdown the port that feeds that network, CPU drops to around 30%, bring it back up and it jumps up to 90%+. I've got a policy map on the interface shaping the traffic
[code]...

View 19 Replies View Related

Cisco WAN :: 3825 Upgrade To 12.4(24).t6?

Sep 19, 2011

I am trying to upgrade the IOS on cisco 3825 from 124-9.T1.bin to 124.24.t6.bin, after I upload the configuration to the CF  and verify the file, everything appears fine but when I try to load the new image it fails with following error and falls back to old image :- 
 
System Bootstrap, version 12.3(11r)T2, RELEASE SOFTWARE (fc1)

Readonly ROMMON intializedboot: cannot open "flash:"
an alternate boot helper program is not specified
(monitor variable "BOOTLDR" is not set)
and unable to determine first file in bootflash
loadprog: error - on file open
boot: cannot load "c3825-advsecurityk9-mz.124-24.T6.bin"
 
Then after few minutes it boot to the Old 12(4).9 ios again.

View 17 Replies View Related

Cisco WAN :: Upgrading 3825 ISR From 12.4 To 15?

Apr 10, 2011

What are the prerequisites before doing this?  I have to upgrade a router this Wednesday evening if there is an opportunity to move it to a code that is more current that the one the client is currently running which is 12.4(25b).  I see on the Cisco Support site that after this code, everything moves to 15.

View 5 Replies View Related

Cisco :: Rate Limiting On 3825?

Feb 24, 2011

I have a 3825 with a 16 port etherswitch card installed that I'm trying to setup rate-limits on. Interface G0/0 is the connection to the outside world and int g0/1 has a couple of 2950 switches attached to it.

The etherswitch card, f1/0, f1,1 etc has corresponding vlans, 902, 903 etc each with an IP 10.110.1.x, 10.110.2.x and all part of access-group 111. The switches connect on sub-interfaces g0/1.101, g0/1.102 etc and have IP's 10.55.1.x, 10.55.2.x and part of access-group 101.

What i'm trying to achieve is that every port / IP that is on access-group 111 shares 3Mb of bandwidth in/out and access-group 101 shares a separate 3Mb of bandwidth in/out.

I've created two access-lists as follows;

access-list 101 permit ip 10.55.0.0 0.0.255.255 any
access-list 111 permit ip 10.110.0.0 0.0.255.255 any

And on int g0/0 I've created the following rate-limits;

rate-limit input access-group 101 3072000 64000 64000 conform-action transmit exceed-action drop
rate-limit input access-group 111 3072000 64000 64000 conform-action transmit exceed-action drop
rate-limit output access-group 101 3072000 64000 64000 conform-action transmit exceed-action drop
rate-limit output access-group 111 3072000 64000 64000 conform-action transmit exceed-action drop

Now instead of both access-groups having 3Mb each they all seem to be sharing 3Mb! I've tried class-maps and policy-maps but to no avail..

View 3 Replies View Related

Cisco EPC-3825 / WAN Conflicts With LAN Subnet?

Nov 11, 2011

LAN subnet conflicts with WAN subnet. My router is d-link 825 and my cable modem is Cisco EPC-3825. Op system is W7. Everything worked great with an older cable modem (Cisco 3000).

View 4 Replies View Related

Cisco WAN :: How Many IP Routes Does 3825 Support

Jan 23, 2011

I want to know the number of routes supported by CISCO3825-HSEC/K9(512MB DRAM).

View 2 Replies View Related

Cisco WAN :: How To Configure PAT On 3825 Router

Jun 26, 2012

I want to configure PAT on the router I have no configuration yet

View 1 Replies View Related

Cisco WAN :: 3825 Router - RAM Upgrade To 1 GB

Nov 6, 2012

We need to upgrade the RAM on our 3825 Cisco Router. Currently, it's 512MB and we want to upgrade it to 1GB. So do I just order another 512MB DRAM Memory? What is the part number that I need to order?
 
Here is the show ver:
 
Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 19-Oct-09 21:05 by prod_rel_team(code)

View 3 Replies View Related

Cisco WAN :: Downloading 3825 Security IOS

May 16, 2011

am downloading 3825 security IOS there are two IOS of advance security, am confused what’s the difference in both Advance Security Image
 
ADVANCED SECURITYc3825-advsecurityk9-mz.124-15.T7.bin.ASK9-ASK9 FEAT SET FACTORY UPG FOR BUNDLESc3825-advsecurityk9-mz.124-15.T7.bin

View 6 Replies View Related

Cisco WAN :: 3825 - Slow CIFS Over WAN

Jul 4, 2012

This is a multi site network. Site A has a Cisco 3825 router and connects to 3 other sites over ISP A and 2 other sites over ISP B. Both ISP A & B provide a layer 2 full mesh network. ISP A provides a 100mb pipe while ISP B provides a 20mb pipe.
 
File transfers (Windows - CIFS) over ISP A's fiber are fast enough and throughput is good. However, file transfers (Windows - CIFS) over ISP B's fiber are slow, even though latency is good. On the 100MB ISP A pipe, file transfer speeds up to 6 M Bps are achieved. On the ISP B 20MB pipe, speeds up to 300KBps are seen for file transfers.
 
ISP A connects to an on board gig port on the 3825. ISP B connects to a fast ethernet port on an HWIC-2FE card on the same 3825. Both ports then connect to ISP Switches and then full meshed to remote site Cisco routers. What could be the issue? Why am I facing these issues only with ISP B even though the configs for ISP A and ISP B are the same?

View 1 Replies View Related

Cisco WAN :: NAT And Memory To Tackle With 3825

Dec 16, 2011

we have some unusual  issue when our core 3825 series router dealing  with NAT !first off to offload traffic we have two router one 3825 and other 2821 configured to support GLBP .

interface GigabitEthernet0/0
ip address a.b.c.d 255.255.255.0
ip nat outside
ip virtual-reassembly
[Code]....
 
The problem is router hangs out , intenet users suffer slowness , criticle service like telnet doesnt work . the only solution i found is a reload ,not to mention this is core router sitting on campus network edge . and servicing around 1000 users !! approx assuming all users have using internet at same time .
 
how to check , if memory is not sufficient ?further if any users using utorrent or any thing like that , does it make enormous no of connections form same pc ?

is their any  licence requird for IOS IPS ?i prefer to turn this feature on to kill torrents connections ?  but i fear crashing  of router as no of users are huge !any know bug with glbp , nat with ip voice image  C3825-IPVOICE-M  VERSION 12.4(24) T4  ???

View 3 Replies View Related

Cisco WAN :: Install A VIC3-2FXS On The 3825?

Jan 5, 2012

I have 3825 router with flash size 128 and 512 RAM.i am trying to install a VIC3-2FXS on the router.the FXS is know by the router when i put show version or show diag,unfortunately the FXS is always showing orange light.i tried to upgrade the router to c3825-advipservicesk9-mz.124-20.T.bin and to c3825-advipservicesk9-mz.151-1.T3.bin with same result.

View 1 Replies View Related

Cisco WAN :: 3825 Traffic Shaping And QoS On Multiple EVC

Feb 6, 2011

I have a 3825 with a 1Gb fiber card at one of my sites.  Our ISP and MPLS provider hand off a single gigabit fiber to us that contains 2 50MB EVC's.I need to apply QoS to one of the EVC's and shape them both to 50Mb to avoid upstream rate mismatch bottlenecks.  Both of the EVC's generally only push 10Mb during business hours.When I run UDP stream tests (various rates from 500k-6m that are marked as AF41) to one of my other sites I am consistently getting about 2% packet loss, despite the fact the circuit isn't even close to 50% saturation.  When I remove Shaping and QoS all together, the issue nearly clears itself up, except during peak hours and I get small bursts of packet loss, which is still unacceptable.When the pipe is at near zero utilization (after hours) there also is no packet loss with or with out the shaping/qos applied.

View 1 Replies View Related

Cisco WAN :: Replace Our 3825 Screening Router

Mar 25, 2012

We use a 3825 router to screen alot of the junk from the internet side or our firewall. Its worked well for the last 4 years buthas rebooted multiple times in the last month for no apparent reason.At this point I think  I would prefer to replace it.Our current internet link is 100Mbps and this router handles that quite well. Is there an equivalent that I should replace it with, or should I just buy another 3825 ?One with an OOB management port would be nice.

View 6 Replies View Related

Cisco WAN :: How To Configure 3825 As Terminal Server

Apr 19, 2012

I want to build up cisco 3800 series router as terminal server , i have Asycs 32A module in cisco 3825. Here is show version of device.Do i need to installed any specific IOS in Cisco 3825 device ? how to configure cisco 3825 as terminal server.

View 1 Replies View Related

Cisco WAN :: 3825 Failure - Doesn't Seem To Boot

Nov 13, 2011

I have a remote customer who is having issues with their 3825 router - since I can't be on site troubleshooting is difficult but so far all that seems to happen when the device is powered on is the "SYS PWR" light goes solid green, and no other lights come on.  Fans seem to be operating normally.  Console access doesn't appear to be working.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved