Questions tagged [cisco-asa]

The Cisco ASA (Adaptive Security Appliance) series of products provide Firewall and VPN functionality as standard. This is Cisco's replacement line for the PIX range, but has additional functionality, mostly related to security, through additional modules.

772 questions
4 votes, 7 answers

problem with passive FTP behind cisco asa firewall

I've problems connecting to an ftp-server behind a cisco asa firewall using passive mode. FTP works using active and "extended passive" mode, however: when I turn off "extended passive" (epsv in ftp console client app), it does not work any longer --…
harald
4 votes, 3 answers

Cisco ASA 5505 :: Techniques for limiting consumed hosts (max 10 with base license)

Was not aware that ASA 5505 base license restricts number of concurrent hosts to 10 (RTFM, I know). Running a "show local-host" I see my host count at 8, a bit too close for comfort with a production web server sitting behind the ASA. Investigating…
virtualeyes
4 votes, 1 answer

cisco asa reloading

After having both memory and code upgrades, we have a significant number of our asa 5520's (in active/standby pairs) develop problems. The problem manifests itself as losing connectivity to the other 1/2 of the pair on the failover interface, and…
Starsky
4 votes, 1 answer

Is there a way of setting an MTU lower for traffic destined to a specific IP address on Cisco ASA?

I have a number of VPN sites where the MTU is lower than standard (1500). I have had at least one site where fragmentation of packets has had an effect on the success of building an IPSEC tunnel. I am able to set the MTU on the equipment at the…
dunxd
4 votes, 3 answers

Backups take so long that the firewall closes the connection

A bit of a mashup of systems here, so bear with me. Essentially, I'm having some trouble using the Backup Exec agent for Oracle, while trying to backup a remote Linux server. The BE agent appears to use RMAN to backup the databases. The backup…
jimbobmcgee
4 votes, 3 answers

Does Windows 7 VPN work with a Cisco ASA 5510

We have a Cisco ASA 5510 router and are trying to get a couple users setup for VPN access. They are running Windows 7 x64 at home and cannot install the VPN client we have for our router (it only works on 32bit windows). I know there is Cisco…
Adam
4 votes, 4 answers

Cisco ASA 5505 - need more site-to-site VPNs

I'm using a Cisco ASA 5505 50-user firewall in a co-location facility. The systems at this location are performing monitoring of additional remote sites (also running Pix or ASA devices). I've established site-to-site tunnels, but have hit the…
ewwhite
4 votes, 3 answers

What might prevent IKE handshake success in building an IPSEC tunnel?

We use Cisco ASA for our IPSEC VPNs, using the EZVPN method. From time to time we encounter problems where an ISP has made a change to their network and our VPN stops working. Nine times out of ten the ISP denies that their change could have…
dunxd
4 votes, 3 answers

Cisco ASA - NAT Reverse Path behavior

Recently ran into an issue where adding a dynamic NAT to an interface broke all translated traffic going through the interface with RPF failures. We found that the addition of the command caused NAT reverse path filtering to start dropping most…
Shane Madden
4 votes, 1 answer

Cisco ASA: Allowing and Denying VPN Access based on membership to an AD group

I have a Cisco ASA 5505 connecting to an Active Directory server for VPN authentication. Usually we'd restrict this to a particular OU, but in this case users which need access are spread across multiple OUs. So, I'd like to use a group to specify…
milkandtang
4 votes, 1 answer

ASA 5505 vLAN Routing - 2 LAN 1 WAN

I am setting up a Cisco ASA 5505 with the base license. TCP/UDP communication works from inside->outside, outside->inside, inside->secure, which is my desired traffic security. HTTP, SSH, and other access from inside->secure works, but I can't ping…
Wayne
4 votes, 1 answer

Cisco ASA and static IPv6 tunnel endpoint?

I recently installed a Cisco ASA 5505 firewall on the edge of our LAN. The setup is simple: Internet <--> ASA <--> LAN. I would like to provide the hosts in the LAN with IPv6 connectivity by setting up a 6in4 tunnel to SixXS. It would be nice to have…
Martijn Heemels
4 votes, 1 answer

Is there a "show cdp neighbors" type command for Cisco ASA devices?

I have been working on a project to map out my organization's network infrastructure. For the networking devices (we are a Cisco shop) I have been running the show cdp neighbors command to see how everything is connected and through which…
Psycho Bob
4 votes, 5 answers

ASA 5505, is BGP supported?

I need to configure BGP on an ASA 5505, according to certain sources it isn't supported, yet I can find resources on the internet giving information on how to configure BGP. I'd really like an expert to answer some queries for me. Can you…
sorrrydoctorforlove
3 votes, 0 answers

CISCO ASA: Static external 1:1 NAT, but also with Internal Access

We have a NAT rule in our ASA 5525-X here, which basically makes it so that 1.2.3.4 on the outside and 10.1.9.10 on the inside are essentially NAT'd. That is, you can reach 1.2.3.4 on the outside, and get served the data at 10.1.9.10. This is all…
Thomas Ward