Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
638
Views
0
Helpful
1
Replies

Cisco ASA not being mapped by Qualys

calterio
Level 1
Level 1

‎12-21-2009 12:29 PM - edited ‎03-11-2019 09:50 AM

We are using Qualys to map our network. The firewalls are set to allow icmp from the scanner to the x.x.x.*/24 network being mapped. For some reason when the mapping scan runs, Qualys isn't detecting the ASA 5510 as a hop in the path. We are running 8.2(1) on the ASA. I do see the hit count increase on the icmp rule during the mapping scan, so the scan is traversing the ASA, but the ASA isn't being detected except as a resource on the destination network. Is this a "working as designed" scenario, or is there some sort of "stealth" setting on the ASA which would do this, or is there something else going on?

Resources are cabled (L2) to vlans on a 6509 switch. The route is: Scanner -(vlan1)- Firewall1 -(vlan2)- ASA -(vlan3)- dest netwk (x.x.x.*/24)

Qualys map results:  Scanner - Firewall1 - 6509 Switch L3 ip addr - dest netwk (x.x.x.*/24)

Any help, ideas, or clues would be appreciated. Thank you.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Kureli Sankar
Cisco Employee
Cisco Employee

‎12-21-2009 12:43 PM

Our firewalls do not show themselves as a hop in the path.  We do not decrement TTL by default.

If you need to then it has to be configured. Pls. follow this sample:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s1.html#wp1395966

-KS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card