stownsend

Member Since: Jun 03, 2002

English
stownsend commented on FirePower not reporting intrusion attack in FireSIGHT System / 3D System 4 months ago

I did get Cisco TAC on the line and this is pretty much what they said: The firewall policies and...

stownsend commented on Updating Edge Router - Cisco 3825 (revision 1.2) in WAN, Routing and Switching 8 months ago

That usage Graph was for our Current 50MB Connection. I believe it is 50MB Full-Duplex.  I did...

stownsend commented on Opinions on Extending Network/VLANs to a remote Office in Small Business Switches 8 months ago

Corp to Office A = 100MB Corp to Office A = 50MB There is no WAN Subnet, Its an Ethernet handoff...

stownsend commented on Allow only a Specific Range of Ports on ASA in Firewalling 11 months ago

Great!  Thank you.   I think that might of been left over from ASA IOS 7?   Anyway I made the...

stownsend commented on MALWARE-OTHER self-signed SSL certificate only allow from Source or To Destination? in FireSIGHT System / 3D System 1 year ago

The Alert is really saying that a Device is communicating via SSL using a Gerneric Certificate that...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

I changed the  NAT to object network obj_any nat (inside,outside) dynamic interface That didn't...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

The Traffic looks like this: ISP <-> WAN1 -RV082- LAN <-> Outside -ASA556- Inside...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

I'm not sure what you are asking, though here is what I know.    Of the Packets Captured they are...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

So they are UDP port 500 on both ends.  Which is VPN initiation traffic. Though not sure if its...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

So here are some Capture Packets and the Log events for the LAN Attacks.   I'm not sure how to read...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

R Seth, thank you for your reply.Is there a way too send the Captured Packets to Syslog?  That way...

stownsend commented on Inside Interface IP Phase 3 DROP Implicit Rule in VPN 1 year ago

Thank you for your Reply, Site Asysopt noproxyarp outsidesysopt noproxyarp inside Site B(nothing) ...

stownsend commented on Inside Interface IP Phase 3 DROP Implicit Rule in VPN 1 year ago

On the Remote B ASA 8.3(2)     packet-tracer in out tcp 10.11.0.1  80 10.1.1.160...

stownsend commented on Inside Interface IP Phase 3 DROP Implicit Rule in VPN 1 year ago

At remote site B (IOS 8.3(2)) I can Issue:packet-tracer in out tcp 10.11.0.1  2340 10.1.1.160 80...

stownsend commented on isakmp keepalive threshold infinite vs. isakmp keepalive disable in VPN 1 year ago

I had set isakmp keepalive threshold infinite on both the...

stownsend commented on MALWARE-OTHER self-signed SSL certificate only allow from Source or To Destination? in FireSIGHT System / 3D System 1 year ago

Interesting, Its only been the DropCams that have triggered this rule for us. I guess I should feel...

stownsend commented on MALWARE-OTHER self-signed SSL certificate only allow from Source or To Destination? in FireSIGHT System / 3D System 1 year ago

I have opened a TAC Case for this.  Buried in the Policies, Intrusion Policy, Initial-Inline,...

stownsend commented on ASA routing and NAT with two ISP in Firewalling 1 year ago

I have the Same issue here. We 'upgraded' from a PIX515 to a ASA5510. When upgrading we set up the...

stownsend commented on Problem with Secondary Cisco ASA 5525X SFR and Firesight in FireSIGHT System / 3D System 1 year ago

My Issues turned out to be a Routing Issue of sorts.  My FireSight server has two NICs, with set...

stownsend commented on Problem with Secondary Cisco ASA 5525X SFR and Firesight in FireSIGHT System / 3D System 1 year ago

I Updated my System and Health Policies to fix a Time Sync issue and now too I have this issue. Did...

stownsend commented on AnyConnect Licensing - Plus/Apex or Essentials? in VPN 1 year ago

Great! Thank you! 

stownsend commented on AnyConnect Licensing - Plus/Apex or Essentials? in VPN 1 year ago

Thank you for your reply. It makes sense to go with the Plus in terms of Cost. Will Probably...

stownsend commented on New ASA5525-X replacing 5510 - Replace Existing, then Activate FireSight or Activate First? in FireSIGHT System / 3D System 1 year ago

This is Me: ​replace an old firewall and happened to get the FirePOWER module because they...

stownsend commented on New ASA5525-X replacing 5510 - Replace Existing, then Activate FireSight or Activate First? in FireSIGHT System / 3D System 1 year ago

Thank you Marvin, So I should go a head and deploy the unit as a Typical Firewall and then while...

stownsend commented on ASA 5506-X - Switchports? in Firewalling 1 year ago

Looks like we are pretty much SOL... Here is the Initial Reply when I asked how to get the ports to...

stownsend commented on Convert ASA v8.2 config to v9.4 in Firewalling 1 year ago

Thank you for your Reply. I was able to Upload a copy of the 8.2 config as startup, then rebooted....

stownsend commented on ASA 5506-X - Switchports? in Firewalling 1 year ago

I have a TAC Case open : SR 635080803I'll let you know what they say...

stownsend commented on 5505 Not Seeing Interesting Traffic to Initiate VPN - Though Ping from ASA Does? in VPN 1 year ago

Looks like with 8.4 and later there are differences in NAT statements.    I went from this which is...

stownsend commented on Using both Dynamic and Static NAT with two Different Internet facing Subnets in Firewalling 1 year ago

Thank you for your reply.  Both Subnets have Public Accessible Services on them. So we need to be...

stownsend commented on AnyConnect Client/Remote Site-to-Site connect to Remote Site-To-Site via HQ Hairpin. in VPN 1 year ago

Thank you for your reply, Though I'm confused why I would need to use a HQ-UNUSED-IP for the NAT?  ...

stownsend commented on Using both Dynamic and Static NAT with two Different Internet facing Subnets in Firewalling 1 year ago

Not sure why I have Multiple Entries. )-: I did think it was Odd. I think it might be because I...

stownsend commented on AP541N 2.0(4) - mDNSResponder ERROR: getOptRdata - unknown opt 65002 in Small Business Wireless 1 year ago

Thank you for the Reply. I know we went though quite a bit to get AirPrint to work. The WAPs SSID...

stownsend commented on AP541N 2.0(4) - mDNSResponder ERROR: getOptRdata - unknown opt 65002 in Small Business Wireless 1 year ago

Hey Frank, thank you for the reply.Yes, Disabling Bonjour does eliminate the issue, though that...

stownsend commented on Talking to a Xlated Address from a device behind the firewall? Hairpin? in Firewalling 2 years ago

I'm getting the Following in my syslog:%ASA-7-710005: UDP request discarded from 10.0.0.10/49154 to...

stownsend commented on Talking to a Xlated Address from a device behind the firewall? Hairpin? in Firewalling 2 years ago

thank you for your reply.I'm not sure I understand which IPs I need where. PBX has a Static IP...

stownsend commented on AP541N 2.0(4) - mDNSResponder ERROR: getOptRdata - unknown opt 65002 in Small Business Wireless 2 years ago

Wow, thank you for replying with the exact same reply that you posted 4 Months ago in the...

stownsend commented on SG300 Static Routes are not Delete/Editable? in LAN, Switching and Routing 3 years ago

Its not Fixed, though I was able to Change the Gateway IP Address.I Saved the Config, Edited it to...

stownsend commented on ADSM AnyConnect Client Profile Editor will not close... in VPN 3 years ago

I Upgraded to ADSM 7.1(2)This resolved my issue.

stownsend commented on ADSM AnyConnect Client Profile Editor will not close... in VPN 3 years ago

I tried on a Mac now too, Same results.

stownsend commented on Anyconnect and cisco vpn clients using the same certificate in VPN 3 years ago

I'm not sure where to set the KU and EKU for the certificate that the ASA is requesting.

stownsend commented on AP541N-K9 and BonJour/AirPrint in Security and Network Management 3 years ago

I cannot say for sure that your Suggestions Fixed my Issue, though I was able to get Bonjour...

stownsend commented on WAP4410N compatible with HGA9N High-Gain Omnidirectional in Small Business Wireless 3 years ago

I'm looking into a Similar solution, did you come up with something?

stownsend commented on Multiple Public Class C Addresses on External Interfaces use Both for Mapping? in Firewalling 3 years ago

I believe I understand most of what you said.    Yes, we do have an Edge Router, the Internal GE...

stownsend commented on Lots of ARP Broadcasts from SG300-28P for its GW Address in Small Business Switches 3 years ago

Seems like the BPDU setting is used only if STP is disabled?...

stownsend commented on Lots of ARP Broadcasts from SG300-28P for its GW Address in Small Business Switches 3 years ago

Thank you for your reply...I noticed that your STP is disabled for the port you are changing to...

stownsend commented on Lots of ARP Broadcasts from SG300-28P for its GW Address in Small Business Switches 3 years ago

Thank you for your reply...   Filter the Bridge Protocol Data Unit?  I'm not sure how to do that....

stownsend commented on SG300 switches have poor performance in Layer 3?? in Small Business Switches 3 years ago

Yes. Switch is latest Firmware too. Origonal Testing it had a Connection to the Corp Netwotk. Now...

stownsend commented on SG300 switches have poor performance in Layer 3?? in Small Business Switches 3 years ago

In my Simple test case, its just the one SG300-28p and two PCs connected Directly to it.  Here is a...

Bio

BS in Copmputer Information Technology with a Minor in Math
Tinkerer - Self taught IOS guy, always learning always asking questions. Wishing I had the time and money to take the classes so it would all make more sense. (-;










stownsend's Stats

Points30
Discussion started 111
Answers marked as Correct 0
Endorsed 0
Content Rated 19