stownsend

Member Since: Jun 03, 2002

stownsend commented on Tried Upgrading 5505 8.3.2 -> 9.2.4(18) Lost VPN - reverted back to 8.3.2 still no VPN in VPN 1 month ago

I replaced all of the NAT statements with the following 2 NAT statements: nat (inside,outside)...

stownsend commented on Tried Upgrading 5505 8.3.2 -> 9.2.4(18) Lost VPN - reverted back to 8.3.2 still no VPN in VPN 1 month ago

Thanks for the reply. I think that something happened after I reverted the firmware and rebooted....

stownsend commented on Bring up VPN Tunnel without Interesting Traffic? - VPN <-> HQ <-> Remote VPN Office in VPN 1 month ago

I do have the 'vpn-idle-timeout none' set in the DfltGrpPolicy, though I don't think it's being used...

stownsend commented on Bring up VPN Tunnel without Interesting Traffic? - VPN <-> HQ <-> Remote VPN Office in VPN 1 month ago

If you have the remote sites set as Ezvpn remote or a dynamic peer, this is not possible. The...

stownsend commented on Intermittent connectivity between Switch SVI and directly connected hosts. in LAN, Switching and Routing 3 months ago

Not sure if this is related to yours, but I was having Similar Issues with some Hosts/VMs working...

stownsend commented on FirePower not reporting intrusion attack in FireSIGHT System / 3D System 7 months ago

I did get Cisco TAC on the line and this is pretty much what they said: The firewall policies and...

stownsend commented on Updating Edge Router - Cisco 3825 (revision 1.2) in WAN, Routing and Switching 11 months ago

That usage Graph was for our Current 50MB Connection. I believe it is 50MB Full-Duplex.  I did...

stownsend commented on Opinions on Extending Network/VLANs to a remote Office in Small Business Switches 11 months ago

Corp to Office A = 100MB Corp to Office A = 50MB There is no WAN Subnet, It's an Ethernet handoff...

stownsend commented on Allow only a Specific Range of Ports on ASA in Firewalling 1 year ago

Great! Thank you. I think that might have been left over from ASA IOS 7? Anyway I made the...

stownsend commented on MALWARE-OTHER self-signed SSL certificate only allow from Source or To Destination? in FireSIGHT System / 3D System 1 year ago

The Alert is really saying that a Device is communicating via SSL using a Generic Certificate that...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

I changed the  NAT to object network obj_any nat (inside,outside) dynamic interface That didn't...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

The Traffic looks like this: ISP <-> WAN1 -RV082- LAN <-> Outside -ASA556- Inside...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

I'm not sure what you are asking, though here is what I know.    Of the Packets Captured they are...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

So they are UDP port 500 on both ends. Which is VPN initiation traffic. Though not sure if it's...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

So here are some Capture Packets and the Log events for the LAN Attacks.   I'm not sure how to read...

stownsend commented on %ASA-2-106017: Deny IP due to Land Attack from <ASA's Outside Interface Static IP> to < ASA's Outside Interface Static IP> in Firewalling 1 year ago

R Seth, thank you for your reply. Is there a way to send the Captured Packets to Syslog? That way...

stownsend commented on Inside Interface IP Phase 3 DROP Implicit Rule in VPN 1 year ago

Thank you for your Reply, Site A sysopt noproxyarp outside sysopt noproxyarp inside Site B (nothing) ...

stownsend commented on Inside Interface IP Phase 3 DROP Implicit Rule in VPN 1 year ago

On the Remote B ASA 8.3(2)     packet-tracer in out tcp 10.11.0.1  80 10.1.1.160...

stownsend commented on Inside Interface IP Phase 3 DROP Implicit Rule in VPN 1 year ago

At remote site B (IOS 8.3(2)) I can Issue: packet-tracer in out tcp 10.11.0.1 2340 10.1.1.160 80...

stownsend commented on isakmp keepalive threshold infinite vs. isakmp keepalive disable in VPN 1 year ago

I had set isakmp keepalive threshold infinite on both the...

stownsend commented on MALWARE-OTHER self-signed SSL certificate only allow from Source or To Destination? in FireSIGHT System / 3D System 1 year ago

Interesting, It's only been the DropCams that have triggered this rule for us. I guess I should feel...

stownsend commented on MALWARE-OTHER self-signed SSL certificate only allow from Source or To Destination? in FireSIGHT System / 3D System 1 year ago

I have opened a TAC Case for this.  Buried in the Policies, Intrusion Policy, Initial-Inline,...

stownsend commented on ASA routing and NAT with two ISP in Firewalling 1 year ago

I have the Same issue here. We 'upgraded' from a PIX515 to a ASA5510. When upgrading we set up the...

stownsend commented on Problem with Secondary Cisco ASA 5525X SFR and Firesight in FireSIGHT System / 3D System 1 year ago

My Issues turned out to be a Routing Issue of sorts.  My FireSight server has two NICs, with set...

stownsend commented on Problem with Secondary Cisco ASA 5525X SFR and Firesight in FireSIGHT System / 3D System 1 year ago

I Updated my System and Health Policies to fix a Time Sync issue and now too I have this issue. Did...

stownsend commented on AnyConnect Licensing - Plus/Apex or Essentials? in VPN 1 year ago

Great! Thank you! 

stownsend commented on AnyConnect Licensing - Plus/Apex or Essentials? in VPN 1 year ago

Thank you for your reply. It makes sense to go with the Plus in terms of Cost. Will Probably...

stownsend commented on New ASA5525-X replacing 5510 - Replace Existing, then Activate FireSight or Activate First? in FireSIGHT System / 3D System 1 year ago

This is Me: replace an old firewall and happened to get the FirePOWER module because they...

stownsend commented on New ASA5525-X replacing 5510 - Replace Existing, then Activate FireSight or Activate First? in FireSIGHT System / 3D System 1 year ago

Thank you Marvin, So I should go ahead and deploy the unit as a Typical Firewall and then while...

stownsend commented on ASA 5506-X - Switchports? in Firewalling 1 year ago

Looks like we are pretty much SOL... Here is the Initial Reply when I asked how to get the ports to...

stownsend commented on Convert ASA v8.2 config to v9.4 in Firewalling 1 year ago

Thank you for your Reply. I was able to Upload a copy of the 8.2 config as startup, then rebooted....

stownsend commented on ASA 5506-X - Switchports? in Firewalling 1 year ago

I have a TAC Case open: SR 635080803 I'll let you know what they say...

stownsend commented on 5505 Not Seeing Interesting Traffic to Initiate VPN - Though Ping from ASA Does? in VPN 1 year ago

Looks like with 8.4 and later there are differences in NAT statements.    I went from this which is...

stownsend commented on Using both Dynamic and Static NAT with two Different Internet facing Subnets in Firewalling 2 years ago

Thank you for your reply.  Both Subnets have Public Accessible Services on them. So we need to be...

stownsend commented on AnyConnect Client/Remote Site-to-Site connect to Remote Site-To-Site via HQ Hairpin. in VPN 2 years ago

Thank you for your reply, Though I'm confused why I would need to use a HQ-UNUSED-IP for the NAT?  ...

stownsend commented on Using both Dynamic and Static NAT with two Different Internet facing Subnets in Firewalling 2 years ago

Not sure why I have Multiple Entries. )-: I did think it was Odd. I think it might be because I...

stownsend commented on AP541N 2.0(4) - mDNSResponder ERROR: getOptRdata - unknown opt 65002 in Small Business Wireless 2 years ago

Thank you for the Reply. I know we went through quite a bit to get AirPrint to work. The WAPs SSID...

stownsend commented on AP541N 2.0(4) - mDNSResponder ERROR: getOptRdata - unknown opt 65002 in Small Business Wireless 2 years ago

Hey Frank, thank you for the reply. Yes, Disabling Bonjour does eliminate the issue, though that...

stownsend commented on Talking to a Xlated Address from a device behind the firewall? Hairpin? in Firewalling 2 years ago

I'm getting the Following in my syslog: %ASA-7-710005: UDP request discarded from 10.0.0.10/49154 to...

stownsend commented on Talking to a Xlated Address from a device behind the firewall? Hairpin? in Firewalling 2 years ago

Thank you for your reply. I'm not sure I understand which IPs I need where. PBX has a Static IP...

stownsend commented on AP541N 2.0(4) - mDNSResponder ERROR: getOptRdata - unknown opt 65002 in Small Business Wireless 2 years ago

Wow, thank you for replying with the exact same reply that you posted 4 Months ago in the...

stownsend commented on SG300 Static Routes are not Delete/Editable? in LAN, Switching and Routing 3 years ago

It's not Fixed, though I was able to Change the Gateway IP Address. I Saved the Config, Edited it to...

stownsend commented on ADSM AnyConnect Client Profile Editor will not close... in VPN 3 years ago

I Upgraded to ADSM 7.1(2). This resolved my issue.

stownsend commented on ADSM AnyConnect Client Profile Editor will not close... in VPN 3 years ago

I tried on a Mac now too, Same results.

stownsend commented on Anyconnect and cisco vpn clients using the same certificate in VPN 3 years ago

I'm not sure where to set the KU and EKU for the certificate that the ASA is requesting.

stownsend commented on AP541N-K9 and BonJour/AirPrint in Security and Network Management 4 years ago

I cannot say for sure that your Suggestions Fixed my Issue, though I was able to get Bonjour...

stownsend commented on WAP4410N compatible with HGA9N High-Gain Omnidirectional in Small Business Wireless 4 years ago

I'm looking into a Similar solution, did you come up with something?

stownsend commented on Multiple Public Class C Addresses on External Interfaces use Both for Mapping? in Firewalling 4 years ago

I believe I understand most of what you said.    Yes, we do have an Edge Router, the Internal GE...

Bio

BS in Computer Information Technology with a Minor in Math
Tinkerer - Self taught IOS guy, always learning always asking questions. Wishing I had the time and money to take the classes so it would all make more sense. (-;

stownsend's Stats

Points 30
Discussion started 115
Answers marked as Correct 0
Endorsed 0
Content Rated 19