Source Community: 
Firewalling

How can I tell if my ASA is causing latency issues?

Unanswered Question
May 23rd, 2017

I have an ASA 5516x w/FirePOWER running ASA version 9.5.(2).10 with the 6.0.1 SFR module. When we begin running backups over a VPN tunnel that is connected to an outside interface on this ASA, we begin having high latency from our internal network on the inside interface to both the DMZ (devices behind the DMZ interface on the ASA) and out to the internet. Traceroutes that are performed during these backups show the latency from our internal subnet to the DMZ subnet jump from a norm of around 1 - 2ms to hundreds of milliseconds.


How to configure two Cisco ASA 5512-X for Active and Standby

Unanswered Question
May 23rd, 2017

Hi Proffs,

Currently, I have a Cisco ASA 5512-X as the edge device with an external link to a single ISP, connected to a Cisco 2960 switch internally, and behind the switch are production servers. There is a three site-to-site VPN link from the servers' NATed public IP to other third party system.


Migrating ASA configuration to a context

Unanswered Question
May 23rd, 2017

Hi


I have a Cisco ASA 5510 in single mode that is used for IPsec VPN site-to-site tunnels.


I would like to migrate the VPN tunnels onto a 5525X running in multiple context mode (i.e., create a new context and move the configuration onto it).


Does anyone have any suggestions on the best way to do this migration? I see that there is no ability in ASDM to back up the configuration on the 5510 and simply restore it into the context.


Thanks for any pointers!


ASA 5505 with Security+ not passing traffic through ASA

Unanswered Question
May 23rd, 2017

I am having a very strange issue. Initially I thought this was a simple fix... 5 hours later I am still in the same predicament. I am simply trying to use an ASA 5505 as a router. Why not use a router, you ask? Unfortunately, I do not have that option. The ASA is running 9.2(4) code. We have another ASA on the remote end (5512 running the same code) and it works as expected, routing traffic from the outside interface to the inside and vice versa. I have created ACLs allowing any any, still to no avail. Attached is a drawing of the connectivity and the config file from the ASA in question.


ASA5506-X don't connect ASDM-IDM Launcher

Unanswered Question

Hello,

I have changed the inside interface from the default address 192.168.1.1 255.255.255.0 to address 10.13.0.100 255.255.0.0.

And changed "http 10.13.0.0 255.255.0.0 inside".

Now I can see the "https://10.13.0.100/admin" site in the browser to download ASDM Launcher.

Downloaded and installed, but I can't connect to device 10.13.0.100 now.

Without errors, only the message "Contacting the device. Please wait.."

Do I have a wrong config?


TCP half closed connection

Unanswered Question
May 23rd, 2017

What happens when there is a TCP half closed connection?

How long does the connection remain alive before it gets closed?

Is there a specific setting in ASA to manage half closed TCP sessions?

These are the questions I was asked during a network security interview.






Firewall TCP Connection Flags

Unanswered Question
May 23rd, 2017

I have gone through the connection flag alphabets from the Cisco website, but I could not correlate them with real-time connection logs. Someone please share some documents which have the clear info.

Thanks in advance,


what simple encryption method on ASA over L2tp tunnel

Unanswered Question
May 22nd, 2017

Hi all,

An L2TP tunnel has been configured between routers on Site A & B to bridge them over seamlessly.

I have been tasked to just encrypt traffic between two ASA firewalls, with the L2TP tunnel on routers behind them.

What is the best method to do such encryption on the ASA firewall?

I have advised them to just do encryption on the router itself on top of L2TP, but it is their company policy to do it at firewall level.

I have done site-to-site VPN and remote access VPN on ASA firewalls before on other tasks.
