Hi all,

I have a very large network in my work and i need a tool that i can run it in order to build for me a full diagram for my network
And to show me all the firewalls,switches, endpoints...etc.

I placed a simple extended named ACL on my Cisco 3825.  Everything works except our alarm system.  It keeps beeping which indicates it can't communicate properly.  Here's the ACL I applied to the WAN interface IN:
Extended IP access list OurFirewall
    10 permit icmp any any echo-reply (1 match)
    20 permit tcp any any established (69546 matches)
    30 permit udp any any eq domain
    40 permit udp any eq domain any (2127 matches)

Really simple.  The only thing I have outbound is the numbered ACL that allows our internal IPs overload on external IP.  

According to alarm company the only thing it needs is outgoing specific port, but as I said, there's no restriction on outbound traffic.  Can someone see something I'm missing?

As a second questions, could someone provide instruction on how I'd implement rules to prevent inbound and outbound torrent traffic?

Hi
I have new Cisco AP1852E APs trying to join to exciting setup done by previous vendor.
new APs are joined to controller but after it is joined, I'm not able to access the AP via ssh using its IP and also not able to set time(via console).

I have 20 other APs (setup by previous vendor) and I can see I can ssh to them except the newly joined AP.

I understand that I may ignore this since AP are joined but why not able to ssh those newly joined AP ? How to enable SSH ?
And how to set time correctly in those AP ? I tried Clock set .... command but it says unrecognized.
Plz suggestion ?
AP Image version is 8.3.122

Aug 15 16:57:58 2017 router608d14 kernel: #warn<4> ACCESS_RULE: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:be:d9:c1:2e:42:08:00 SRC=10.128.144.149 DST=10.128.144.255 LEN=247 TOS=0x00 PREC=0x00 TTL=128 ID=18415 PROTO=UDP SPT=138 DPT=138 LEN=227

Aug 15 16:57:58 2017 router608d14 kernel: #warn<4> ACCESS_RULE: IN=eth0 OUT= MAC=88:5a:92:60:8d:14:e8:50:8b:36:23:67:08:00 SRC=10.128.144.101 DST=199.193.204.134 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43496 DF PROTO=TCP SPT=50297 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0

We had a Cisco Catalyst 1900 switch die this morning and need to replace it. My concern is getting the right fibre connections. What will I need to do if I want to replace the 1900 with a Cisco Catalyst 2960?

Thank you!

Robert

i had ASA 5510 and i copied the configs to new ASA 5512 but some changes on the nat. everything works as in the ASA 5510 however my LAN is very unstable. user connection time-out to my LAN SERVERS and even remote users on the remote access vpn also experienced network time out.

please below the changes on the nat. can anyone check if there is a problem on this statement that might cause my network instability
.................................................. .................................................. .................................................. .................................................. .................................................. ...........
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.16 8.17.0_25 NETWORK_OBJ_192.168.17.0_25 no-proxy-arp route-lookup
!
object network asy_server
nat (outside,dmz) static 192.168.32.199
object network HRIS
nat (outside,inside) static 192.168.0.100
object network ASY
nat (outside,dmz) static 192.168.32.199
object network BANKSRM
nat (outside,dmz) static 192.168.32.15
object network Hris
nat (outside,inside) static 192.168.0.100 service tcp 3040 https
object network Mails
nat (outside,inside) static 192.168.0.99 service tcp 3000 https
object network mails
nat (inside,outside) static 192.168.0.99 service tcp 3000 https
object network ob32-192.168.32.0
nat (dmz,vpns) static 192.168.32.0
object network obj-192.168.20.0…

I have a cisco ASA 5505 firewall.  I allow RDP thru to an inside address server.
Is there a log I can view to see what ip came in through with proper user and pw.

Hello,

I got a "new to me" Cisco 3825 to try to fix some capacity issues our old router is having.  It's a consumer grade Linksys router.  I've tried to duplicate the connection settings, but I cannot make it out to the internet.  From a host on the connected switch I can ping various LAN points.  However, I cannot even ping an external IP, such as 8.8.8.8.  

Following is the show run:

Router1#show run
Building configuration...

Current configuration : 1625 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$fi/i$a3lQyNfFM/KRdVN7KFGuy/
enable password <password>
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.1.1 10.0.1.2
!
ip dhcp pool DHCP
   network 10.0.1.0 255.255.255.0
   default-router 10.0.1.1
   dns-server 8.8.8.8 8.8.4.4
!
!
no ip domain lookup
ip name-server 8.8.8.8
ip name-server 8.8.4.4
voice-card 0
 no dspfarm
!
!
interface Loopback0
 ip address 10.0.2.1 255.255.255.0
!
interface GigabitEthernet0/0
 description LAN
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
 media-type rj45
 no mop enabled
!
interface GigabitEthernet0/1
 description WAN
 ip address <external IP> 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
 media-type rj45
!
interface …

Hi again everyone -

So sorry to be a pest. Now that I have my ASA 5505 up and running with successful Internet access by devices on my LAN, I can't seem to get my DMZ to gain internet access. Nor can I get a simple IPSec site-to-site VPN to work.  This is really frustrating as the ASA on the other side already participates in another separate site-to-site VPN (setup by me) which works just fine.

I have looked at NAT rules and access rules and can't seem to find the difference. The only thing I did differently on this VPN was try Diffe-Hellman Group 1 as group 2 settings didn't work.

Below is the sanitized config of the ASA that has a working DMZ and a working VPN as well as the non-working VPN.  I have replaced my static public IP with xx.xx.xx.xx and the peer IPs in the VPNs are vv.vv.vv.vv for the one that works and ng.ng.ng.ng for the one that doesn't work.

I will return to this post momentarily and add a comment with the running configuration of the ASA at the other site.

Thanks in advance for any help.

Result of the command: "sh run"

: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password /zzzzzzzzz encrypted
passwd zzzzzzz.zzzz encrypted
names
name 192.168.1.0 dmz_outside
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.0.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xx.xx.xx.xx 255.255.255.252
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 …

Dear Experts,
I have an issue lately after upgrading email security appliance. All outbound mails are using my Cisco firewall interface IP and often bounces as my email server public IP is different. Email appliance is Sophos EA.
My email server public IP is 86.xxx.xxx.197
Cisco FW ASA interface public IP 86.xxx.xxx.196
There is n option on sophos to change outbound IP address it takes primary up (internal).
On Cisco I have all SMTP traffic going out via 86.xxx.xxx.197. but still traffic from sophos EA goes out via 196.
What should I do on Cisco ASA to make sophos ( internal IP 192.168.1.88) to use 86.xxx.xxx.197 for all outbound traffic.

For a few years, I've been running Cisco Any Connect 3.1 because their latest version, 4.2 causes blue screen of death BSOD driver corrupted expool errors whenever I use it.

This page on their site talks about this being a known bug.
https://quickview.cloudapps.cisco.com/quickview/bug/CSCuy01698

However, as of this morning, they have decided to auto-update me to 4.2 and now the nightmare has started all over again.

I've uninstalled and reinstalled twice now, hoping to figure out how to stop the auto update. There are messages about using the anyconnectlocalpolicy.xml file to turn off auto updates:
<BypassDownloader>true</BypassDownloader>

However, that does not exist in my directory, so that must be applicable to an older version.

I find NO WHERE where this bug is fixed. And since it is auto updating, I would think it would go all the way to the fix if one existed.

Can anyone tell me how to stop this nightmare? Either stop it from auto updating? Anything in my control panel area that allows me to stop apps from updating? Or anything?

thanks!