Questions tagged [cisco-asa]


The Cisco ASA (Adaptive Security Appliance) series of products provide Firewall and VPN functionality as standard. This is Cisco's replacement line for the PIX range, but has additional functionality, mostly related to security, through additional modules.

772 questions
3
votes
1 answer

QoS on Cisco ASA 5505 by VLAN/subnet

My ASA 5505 has three VLANs. One connected to the internet called outside, one for our office called office (which connects to the corporate VPN) and one for a publicly accessible resource-centre. Each VLAN is on a separate subnet. I want to…
dunxd
3
votes
1 answer

"All IKE SA proposals found unacceptable!", but what was proposed?

I'm trying to get VPN working between various devices and a Cisco ASA 5520 running 7.2(1). When trying to connect with a Mac running OS X 10.5.8, I keep getting this error: On the ASA it says: Sep 16 13:44:02 [IKEv1 DEBUG]: Group = , IP =…
longneck
3
votes
1 answer

ISP has asked for snmp polling to our firewall - what is the risk?

We have had some issues with accessing certain things through the ISP used by one of our branch offices. They have asked us to allow them SNMP polling access to our Cisco ASA 5505 in order to check bandwidth use there. I am not sure exactly what…
dunxd
3
votes
4 answers

2 Cisco ASA + 4 Cisco switches - best way to connect all together

Until now I have been involved in using Cisco hardware in a professional environment but on a small level. Recently, a requirement has come up for our new facility to be built with PCI compliance in mind and since we have quite a lot of traffic passing…
bart613
3
votes
0 answers

cisco asa NAT to site-to-site VPN

I'm trying to NAT an external address to an internal address which is not local, but on a remote end of a site-to-site VPN connection. Is this possible? Log says Routing failed to locate next hop for TCP from outside x.x.x.x/xxx to…
MK.
3
votes
3 answers

Cisco ASA 5505 DMZ Setup Issue

I have an ASA 5505 running v8.4. I have one static IP that my ISP gives me and I need to use that for my INSIDE network as well as my DMZ. This becomes a PAT issue as I need some ports to terminate in the DMZ, and some to terminate in the INSIDE…
Gunnar
3
votes
1 answer

site-to-site VPN between cisco ASA and 870 cannot ping remote network

I have two sites which are connected through site-to-site VPN from Cisco. One site has a Cisco ASA router, the other has a Cisco 870 router. The tunnel has been set up, and active, however I cannot send any traffic over the link... The ASA config…
cpf
3
votes
1 answer

How do I configure my VPNs on my new firewall without taking out the old one?

I have a colocation facility with my main firewall in it. It has a bunch of site-to-site VPN tunnels built from the main firewall to the firewalls that are in the remote facilities. I want to replace that main firewall with a Cisco ASA but I want…
blsub6
3
votes
2 answers

Cisco ASA - Blocking BitTorrent Traffic

Due to DMCA takedown notices, trying to block BitTorrent traffic for client on a Cisco ASA 5520. ASA Software: 7.2 ASDM: 5.2 The device is really just used for NAT and VPNs currently. Is there a simple way to block BitTorrent TCP ports…
CaseyIT
3
votes
1 answer

Cisco ASA 5510 Time of Day Based Policing

I have a Cisco ASA 5510 set up at a boarding school. I determined that many (most?) of the students were downloading files, watching movies, etc, during the day and this was causing the academic side of our network to suffer. The students should not…
minamhere
3
votes
4 answers

VPN is working, except for DNS lookups. Firewall (Cisco ASA 5505) issue?

I've got the following set up: LAN -> DHCP / DNS / VPN server (OSX 10.6) -> Cisco ASA 5505 -> WAN Connecting to the LAN via VPN works fine. I get all the details properly and I can ping any host on the internal network using their IP. However, I…
3
votes
1 answer

ESXi :: ASA NAT + Switch :: Setup on .27 IP Block

Just bought an ASA 5505 and a separate gigabit switch, along with a Dell R610 virtualization server to replace existing bare metal web server. There will be 2 physical machines, R610 running ESXi 4.1 & a backup server (old SC 1435). R610 has 2X dual…
virtualeyes
3
votes
3 answers

Cisco ASA: Allow established traffic back in

I have a Cisco ASA 5505 (ver 8.2(2)) with two interfaces; inside (security level 100) and outside (security level 50). There is one subnet on inside, 10.1.1.0/24. There is no NAT for traffic moving from inside to outside; that is handled by an…
DrStalker
3
votes
1 answer

Finding a private (NAT) host's IP using historic destination data

The issue: An unknown private (NAT) client is infected with malware and it's trying to access a Bot server at random times/dates. How we know about this: We receive bot traffic notices/alerts from REN-ISAC. Unfortunately, we don't receive those…
l0c0b0x
3
votes
2 answers

Is span monitoring on Cisco ASA 5520 possible?

From what I have read, you can use the switchport monitor command on ASA 5505s to set up a SPAN port due to the back of the ASA actually being a switch. On my 5520, I do not see the switchport command listed when issuing a ? via the CLI. How do…
Brent