Network Security

does anyone know if you have a pair of PIX's running in active/failover, if the acl hit count on the primary gets reset if the primary fails over to the secondary. When the primary comes back, does it retain its hit count? I'm trying to think of any ...

Has anyone come across the following problem ? When you disable the mail guard feature on a PIX (no fixup protocol smtp 25), it does not seem to function i.e. the mail guard is still active by default.I am running PIX 6.2(2) ? Has any one come across...

Outbound Internet traffic through our HTTP proxy is triggering this sig. below is a trigger packet. We've seen about 50 of these in the last 2 hours.evIdsAlert: eventId=1152199463829252123 vendor=Cisco severity=medium originator: hostId: h...

We haveestablished a Site-to-Site VPN tunnel between Cisco PIX 525 and Clent's Check Point NGX firewall. Tunnel is established and able to ping from both sides. If the Client people are trying to connect using RDP to one of our Server, they failed to...

Does anyone know if there is a way to associate different xlate timeout values with different global pools if I'm doing policy NAT? So, if I NAT to one destination I can set the xlate timeout value to 4 hours and if I NAT to a second destination I c...

hi, my question is does pix 520 with 128r/16f suppports 7.x IOS ? cisco has IOS 7.24 for 520. has anyone tried it ?thanks in advanceregards amit

Hi,I would like to analyze the traffic details (Similiar to that of Net Flow) for my outside interface. Is it Possible to do so or what is the best option.Basic idea is to analyze the kind of b/w distribution for various outside access.RegdsRavi

Hi, I am in process of configuring ASA5540 for remote connectivity; just IPsec.I have assigned private IP space 10.x.x.x as address pool but I want nat that traffic to inside ip address 128.x.x.xI have tried adding it using ASDM Configuration->NAT bu...

we are doing test on implementing ASA 5520 with IPS module and having a failover solution. Need to clarify few things1) As i understand ASA by default comes with 2 virtual license. We would like to use the 2 context in routed mode.can i have the outs...

I read many materials of Cisco but now I can't configure TCP reset in IDSM.I show configuration and if possible, please help me what I must do more?

1) At present we are having ISP1 terminated directly on ASA firewall ethernet interface(say eth0). Currently this link is being used for Internet browsing.2) We are planning to have ISP2, which will b terminated on to another ethernet interface of AS...

How to check whether DHCP relay is enabled between two VLANs or from one VLAN to the other on FWSM?

Hi,I am a problem here.. Currently, I need to check if the VPN users are authenticated through Tacacs or local PIX firewall?? how can i perform this check thanks?The reason I am asking is i cant see any Tacacs server pointing to, so believe it could ...

Updated IPS 4235 from 5.1 to 6.0 - can;t access IDM anymore.Fails with errors like 'Can't connect to server - null' or 'errNotSupported-Command not valid or not supported'.java.lang.Exception: errNotSupported-Command not valid or not supported at com...