Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [cisco-asa]

The Cisco ASA (Adaptive Security Appliance) series of products provide Firewall and VPN functionality.

The Cisco ASA (Adaptive Security Appliance) series of products provide Firewall and VPN functionality as standard. This is Cisco's replacement line for the PIX range, but has additional functionality, mostly related to security, through additional modules.

772 questions
3
votes
3 answers

Cisco ASA logs "regular translation creation failed for icmp ..." for DNS traffic, yet it works

Every few minutes our Cisco ASA 5505 firewall is logging errors that I can't figure out with my limited Cisco experience. Severity Date Time Syslog ID Source IP Destination IP Description 3 Mar 25 2010 17:21:14 305006 8.8.8.8 …
Martijn Heemels
  • 7,728
  • 7
  • 40
  • 64
3
votes
3 answers

Cisco ASA 5505 inside interface multiple ip addresses

I have an issue this morning where I want to be able to assign multiple ip addresses to the inside interface to facilitate an ip range migration for an office. Namely from a 192.168.1.x range to the new range, with the minimum of interruption for…
Oneiroi
  • 2,063
  • 1
  • 15
  • 28
2
votes
0 answers

NIC bonding on Linux in redundant network topology

I want to implement NIC bonding on Linux server in redundant network topology as shown in the network diagram below. Network topology Both interfaces of the Linux server fa0 and fa1 would be in one bond with mode active-backup, so only one of the…
ananetworking
  • 33
  • 1
  • 6
2
votes
2 answers

Cisco ASA 5505 can't talk to anything on Site-to-Site VPN

So I have a Cisco ASA 5505 Setup with 2 Site-to-Site VPN's and a Remote Access VPN, now anything connected (Hardwired, S2S VPN or RA VPN) can all talk to each other without a problem. The problem comes is via the one of the S2S VPN's I have an…
Martin Barker
  • 279
  • 1
  • 17
2
votes
1 answer

Crypto Map Policy not found (but it's there.. promise!)

Sorry.. I'm new to Cisco IOS so if I need to present more info, please let me know. Using IOS 9.1(6), ASDM 7.10(1) on a Cisco 5510, connecting to an Azure VNET. (Yes, UsePolicyBasedTrafficSelectors is set to true) I am creating a VPN from us (with…
Marc L. Allen
  • 121
  • 1
  • 5
2
votes
1 answer

Why is my IOS EzVPN client not connecting to my ASA EzVPN server?

I have a Cisco 867VAE connecting as an EzVPN NEM client to an ASA 5505 server which will not connect. The server ASA has the repeated messages: 4 Nov 01 2017 23:16:45 713903 Group = eznemgroup1, IP = 10.200.38.205, Information…
Mitch
  • 2,363
  • 14
  • 23
2
votes
2 answers

How to add access list to Cisco ASA?

I have the following rules configured at my Cisco ASA firewall: access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 3306 access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2083 access-list OUTSIDE_IN extended permit…
Alan Kis
  • 161
  • 5
2
votes
1 answer

Cisco ASA v.s. pfSense - How packet inspection works with VPNs

We have a small office, about 75% of our infrastructure is cloud based including a pfSense deployment we use for remote access and site to site connections which is currently public facing. We've decided to deploy a Cisco ASA with Firepower support…
dcd018
  • 131
  • 4
2
votes
1 answer

Cisco ASA 5505 - Reload WITHOUT resetting to default config

Twice now I've ran the 'reload' command on console on my ASA 5505 ver. 9.1(3), and it's completely wiped my config and reset to factory defaults. I've made sure I 'wr mem' before reloading. I saw an article about having to change the config-register…
Willman
  • 155
  • 1
  • 10
2
votes
1 answer

ASA QoS for VoIP traffic

I'm looking to implement QoS for VoIP traffic using DSCP tags: EF & AF31. LLQ for VoIP: ciscoasa(config)# class-map cm_voip ciscoasa(config-cmap)# match dscp ef ciscoasa(config-cmap)# match dscp af31 ciscoasa(config)# policy-map…
Zell
  • 23
  • 3
2
votes
1 answer

Cisco ASA Site-To-Site VPN change peer IP

We use Cisco ASA 5510 and I have to change peer IP address on the current Site-To-Site VPN. Every time when I have similar issue I deleted current vpn and then create new one from scratch.After Googling I found some solutions to change only peer IP…
Antoan Bull
  • 100
  • 1
  • 13
2
votes
0 answers

Squid3 WCCPv2 with ASA not working

So I have begun the awful adventure of getting Squid 3.3.8 working with my Cisco ASA 5520 (9.1(5)). I think the problem is that the traffic is getting to the squid box but it is either not getting to the actual daemon or it's not sending out (I…
user298329
  • 21
  • 2
2
votes
3 answers

What is the safest way to admin a firewall remotely?

What are you sysadmins doing to make sure that your ability to remote admin a firewall is the safest it can be? What is the safest setup you have, short of only using the console connection and having to physically touch the firewall?
GregD
  • 8,713
  • 1
  • 24
  • 36
2
votes
0 answers

Dual path VPN on ASA 9.2

We have two sites that are joined by a VPN over two WAN links, one primary and one backup only. The VPN endpoints are a pair of active/standby ASA clusters at each site. Each site also has multiple additional VPNs to minor sites, some of which are…
user1174838
  • 616
  • 6
  • 18
2
votes
2 answers

Issue with Cisco ASA 5515-X VPN Connection

I had an existing setup with a 5515-X serving as my firewall and VPN, which worked fine. Since moving to a new location, and thus a new outside interface IP, I can successfully connect to the VPN, but nothing is visible to the VPN client (i.e.,…
Dave
  • 135
  • 1
  • 8
1 2 3
51 52