Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi All!

I need a suggestion, hope you people help me.
I have done CCNA,CCNP in Routing&Switching and Security now want to do CCIE  in Security but little confused about future because everything is moving into Cloud, so can you anyone suggest me doing CCIE will worth it or not? I heard that Cloud technology jobs have good packages Compare to Cisco platform.
Is there away to change the Site to Site VPN Tunnel on a Cisco ASA to use a different non-standard VPN Port (ISAKMP 500/udp)?

I have set up a IPSec Site to Site VPN between an ASA and a Cisco 4G 897 Router. The VPN is up and the setup is as follows:

HQ: to Site VPN--------------------------------Cisco 4G---------------Branch Office 1:

from the HQ, I can access the servers on the Branch office, (except cannot ping the gateway:

But from the Branch Office, I cannot reach any devices in the HQ.

All internet traffic from branch office needs to go through the VPN as well.

Any suggestions as to what I missed here?

Configs attached:
Branch Office 1: Mel_Site-Config-EE.txt
ASA: asa-config.txt
I have an inbound fiber circuit, with 5 static IP's.  I'm using 2 (.10 & .11), one for voice and one for data.  Problem is, this comes through a single port from the provider's router.

I have a cisco catalyst 2960-CX.  WAN is on port 1

I would like to pass all voice traffic to WAN .11, through port 7, to our host's internal router.  This should is to be a pass through with priority & QOS.

All LAN data traffic will pass .10 through to our firewall.

Which settings are necessary to accomplish this.

I am looking into a solution for load balancing to 2 physical servers that sit on a cisco nexus switches, 5ks. Is this doable? if so, how? Also, if not an option on a nexus, I can move it to an IOS switch 6800.

Thank you
We replaced a RV320 with an RV345. In the old router we had a routing to another network: with next hop of, this worked fine.

When we enter the routing in the new RV, we can only seem to ping the network, but our applications to the eternal network stopped worked.

We worked around this by adding the routing option to the PC’s itself, however this cannot be the solution for use with the Cisco RV345.

What can be the cause of this?
We have two Cisco switches directly connected.  One is using vlan 118, and one is using vlan 0.  All devices connected to both switches can communicate with each other - via ping, web interface, etc.  The only exception is that we cannot access any Linksys routers from a different subnet.  If I am using a computer on the 0 subnet, I can't ping or access the web GUI of a Linksys router that is on vlan 118, and vice versa.  I have asked Linksys about this several times, and I get answers like "you should never be able to access a device that is on a different subnet".  What I need to know is, is this by design?  Are the Linksys routers somehow just set up this way and it will never work, or is there something I can do to fix this?  If I have routers in a bunch of different subnets it becomes difficult to manage them if I can't access them from a different subnet.

Have a Cisco ASA 5515 in a failover setup. Want to upgrade image  to 9.9(1) from 9.7(1) and asdm to 7.9(1) from 7.7(1) without down time. Looking for upgrade procedure. Any help is great! Thanks.
I had this question after viewing Cisco 2504 wireless controller with multiple VLANs.

Hi Experts I am having an issue with Cisco Wlc 2504,I have about 15 AP's and eight switches spanning eight floors,the network part works well with all switches working and multiple vlans (each floor is a different vlan)configured.However i want configure one vlan for wifi that spans all switches and floors (vlan 113).I have setup the vlan on the core switch and on my dhcp server. If i plug my computer on switchport configured for vlan 113 i get an ip and everything works but now once I plug an AP to the switch it does not get an ip and doesn't even join controller.I have configure the switchport that connects to the WLC as trunk and the switch port that go to the AP's as accesports to acces vlan 113,On the Wlc the management interface (port 1)is untagged and the wifi vlan interface (int 113)is tagged to vlan 113 and mapped to wlan SSId what could be issue here now.
I have a client who bought an ASA5505 and requested me to replace existing firewall.
As I am not an expert in Cisco I seek help from a friend and did it.
Now if I send an email from Exchange it goes with internet/gateway IP not the email server dedicated IP.
If I type whatismy IP I get gateway IP.
I did it many times in Sophos and Fortinet but I am not good in ASA.
Is there anyone who is good in Cisco  can guide me?

Hi EE,

I have a Cisco stack containing 4 cisco switches. The Firm have decided to upgrade one of the smaller datacenters. So the stack needs to be divided into 2 smaller stacks containing 2 switches each.

(It is Out of Band, meaning a restart is not a problem).

I have an IP for the new stack.
I have a rack available with everything ready.

So what is the "Best practice" or best way to go about doing that?

Trying to stack 2 3650 switches and one member stuck in initializing, looks like IOS issue, seems they have different versions, but one seems way off and not sure if its reporting correctly?

*    1 52    WS-C3650-48PS      03.06.06E         cat3k_caa-universalk9 INSTALL

*    2 52    WS-C3650-48PS      16.3.5b           CAT3K_CAA-UNIVERSALK9 INSTALL

the second one is the one that will stay in initialization.  not sure how two switches purchased together could be that far off.
I just purchased a Siemon 10g ip 24 port patch panel and mounted it in my house for a home lab. I punched down my first port last night but something strange is happening. Right now I just have the cable coming directly from a laptop NIC to a punched down port on the Siemon 10g ip. The CAT 6E cable I made myself using the T-568B configuration. While this is my first patch panel punchdown, I have created a lot of cables in the past, using this same exact roll of 6E, so I am fairly sure my wiring is correct. I then have another cable going from the patch panel port to my Cisco SG300 switch. Now the problem is that I have no light on the SG300 switch port. I have 20 other devices working fine on the switch. I thought I wired it wrong but I re-wired the cable 3 times. The strange thing is that the laptop has full connectivity with lights on the laptop NIC. When I plug a cable into the laptop and plug directly into the switch I get lights on the switch port. I have tried multiple cables and multiple ports with the same result. When I unplug the cable coming out of the switch that is coming from the patch panel and insert it into a cable tester I don't get any lights on the cable tester check. Nothing whatsoever. without the patch panel the cable tester works fine. What could be wrong? Why do I have connectivity just no light on the switch? Why is the cable tester not showing me the wire checks? I have asked several network people and they have no idea. Did I purchase the wrong …
Is there a show command that should all router route decisions whether spawned by policy based routing (next hop) or a dynamic or static route? I think show ip route will not include pbr based route decisions.
Is there a special way to cable or config two 3650's as a stack with a stacking kit?
Hi ,

Am facing Port flapping problem on Cisco 2950/2960 switches which are connected to EDN/ESN since last couple of days...I have tried all basic troubleshooting still facing same issue..

Please suggest me to resolve issue...
Hello experts

I have an mpls backbone, with asr 920 and sw 3850. I want to connect a customer with a l2 pipe and transport their vlans across the backbone. The topology is: customer sw-asr920-mpls backbone-asr920-sw 3850-customer sw. In the 3850 I connect the customer with a dot1q-tunnel and in the next asr 920 I configure a service-instance with Q-in-Q, so I guess every received dot1q frame with vlan ID 1-4094 will be encapsulated with a second dot1q frame with an outer vlan specific for that customer. That´s clear for me.

My questions:

- let´s say that customer is using switches out of the box, with native vlan 1 for the trunks and vlan 1 for the access ports and it´s not working, those switches cannot see each other...what happens with untagged traffic when reaching the sw 3850? are these frames sent through the tunnel or are discarded at this point? Are they discarded in the asr 920? How are they encapsulated with a second dot1q header if that original frame is untagged and there is no dot1q header?

- Layer 2 protocols are also sent with vlan 1, what happens when reaching the sw 3850 with these traffic?

- what are my options appart from changing the native vlan in the customer side? Is it there a way to handle these untagged traffic to deliver it to the other side?

endpoint A: asr920 - customer sw out of the box

asr 920

interface GigabitEthernet0/0/8
 mtu 9216
 no ip address
 load-interval 30
 negotiation auto
 no keepalive
 service instance…
Hi all

I have1Cisco ASA 5525x, 1 3900 Router and 2 Internet connections. what is the best deployment method to supported what I have.

1. Should both Internet connections connect to Firewall Interfaces ?

2. Should  Both Internet connections connect to the Internet router ?

Any advice will be much appreciated.
As I was looking to prepare for a Cisco WCCP setup, I came across the following command and was wondering what does the "web-cache" command does on a router compared to just using ip wccp 90 redirect-list 120 group-list 10 password 12345

I have listed the web-cache command below for reference:

ip wccp web-cache redirect-list 120 group-list 10 password 12345

Any suggestion is appreciated
I'm in the market to buy a new switch. Please provide me with a list of affordable 1GBps 48 port Cisco switches that have the latest Cisco iOS.
SPAN/RSPAN:   While using SPAN to monitor traffic on a port-channel carrying multiple vlans, the keyword "filter" is it used to remove a Vlan from monitoring or does it only  allow said Vlan to be monitoried. As there is some contradiction between this, I was recently reading a cisco book and it was said that the filter command removed a vlna from beig monitored. But on my current kit whenever I have used the filter keyword it has actually only allowed that vlan to be monitored. Which on is true or does it vary on different devices?
I am trying to setup a Cisco monitor session. The source ports are g1/4 which is the inside interface for my Cisco ASA. The destination port G7/41 is on vlan 254. This is what I have so far.

interface GigabitEthernet1/4
 description ASA5515X-Primary-Inside
 switchport access vlan 256
 switchport mode access
 spanning-tree portfast

interface GigabitEthernet7/41
 description FP Network Agent
 switchport access vlan 254
 switchport mode access

monitor session 1 source interface Gi1/4
monitor session 1 destination interface Gi7/41
monitor session 1 filter packet-type good rx

For testing purpose I have a user going to an outside ftp site and I have Wireshark on G7/41 which shows no ftp activity. I am also not seeing any http or https activity. So I know I am missing something. Any assistance will be greatly apperciated.
I have a storage array that I would like to allow unimpeded access in/out of our ASA,  I was wondering if this is something simple without having to specific specific ports, just basically allow all
I have a tunnel that wont detect that the tunnel has dropped and continues to show up impacting my routing. I have set keepalives on the tunnel interface but it still remains up. on the other end I manually shut it down and it still does not go down

interface Tunnel0
 description Kuala Lumpur to Melbourne Link
 ip address
 ip mtu 1400
 keepalives 10 3
 ip virtual-reassembly in
 ip tcp adjust-mss 1380
 tunnel source Dialer1
 tunnel mode ipsec ipv4
 tunnel destination X.X.X.X
 tunnel protection ipsec profile ipsec-profile






Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).