Cisco

24K

Solutions

15K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Hi guys,
Got 3 vlans in my network
Using Wireshark to capture some packets.
Is there any way to find looping issues in a switch using Wireshark? Like a broadcast storm?
0
Hello,

Does anyone know how to create an SRV record from the GUI or command line on Cisco Network Registrar 7.1.2.1?

Thank you.

Regards,

Xavier De Arburn
0
Hi Experts,

I was wondering if someone could guide me on configuring Cisco WLC 5508 as High Availability? My client has an existing 5508 WLC, and now purchased another 5508 as HA SKU and would like to set up the new 5508 as HA. Both WLCs are in the same location (same rack even). I read some guides online but maybe someone has done it recently or has concise instructions on the best way of doing this.

All tips and comments are appreciated!

Thank You!
0
Hi Experts,

I need your assistance: which bandwidth threshold value is considered normal between PSN and PAN (Cisco ISE)?
Currently bandwidth between PSN and PAN is 70 MB/sec.

Thanks,
0
I have a question on SFPs. The customer's switch is a Dell S4048; I heard that it is a 10G Dist. sw. Does it always need to have a 10G transceiver for connecting to the site WAN router (Cisco ISR)?
0
We are planning to set up 802.1x on Cisco Catalyst 2960-X switches using a Windows RADIUS server. What is the best way to include IP phones and printers? For printers I suppose we can use MAC addresses, but our PCs plug into the IP phones, so they're on the same port.
0
Looking for a general guide on what needs to be done on the network end when a client goes to a new ISP and/or gets a new circuit installed.  I can't really find a guide or step by step instructions for a beginner network admin on what needs to be done on the firewall, router, etc.  What are the usual scenarios? Also, from a voice engineer perspective, what does he/she usually need to do (porting numbers etc.)? I have a general idea of what is usually done (changing IP on WAN interfaces etc.) but nothing concrete enough to be confident in doing it.

I realize that the question is rather broad but I'm really looking just for a general guide, checklist etc. I usually deal with Cisco environments if that helps.  

Any links for further readings would also be appreciated.

Thanks!
0
Hi Experts,

How can we check the TLS version on the PSN persona of ISE?

Thanks.
0
Dear Experts, I'm testing the ARP inspection in Cisco switch 3750 and get this result when using show ip arp inspection command

Capture.PNG
Can you explain the results and suggest? Many thanks!
0
Hi,
I have an ASA5508 with Firepower license on HQ and need to filter the Internet surfing for both HQ (no problem there) and a few branch offices connected to HQ over MPLS ISP circuits.
I found out that FMC is not able to work as a traditional proxy for client (the one you would configure into workstations' browsers) and I really doubt that it may work inline as it does with locally connected interfaces.
Do you have any idea of a possible workaround to achieve my requirements for branch offices?
Would a realm with RADIUS users work, or would it just work as an authorization layer?

thanks
max
0
VLAN segregation workstations/servers.
I have a Cisco 3750 switch with VLAN 100 (workstations) and VLAN 200 (servers). VLAN 100 is connected to asa5525 g4, VLAN 200 is connected to asa5525 g3.
I have configured the firewall with the same security level to pass traffic. However, workstations are slow and cannot connect to the file server and other servers located on VLAN 200.
Authentication to the domain takes time and group policies are not downloaded from the domain controller located on VLAN 200 (server).
This is a new implementation. Workstations/servers were together on VLAN 200. I am segregating them.
What can I do on the switch/ASA to allow traffic and improve traffic? Please advise.
I believe I need a NAT on the ASA from VLAN 100 to VLAN 200 in both directions. Do you guys agree?
0
I just got a new Cisco ASA 5506-X firewall with FirePower licensing.
We want to set up the SSL AnyConnect client for notebooks and mobile phones to access internal servers (10.10.30.2/24) and access the internet via the remote gateway.
I am a newbie to ASA, could I have some examples?  Thanks a lot.
Remote server subnet: 10.10.30.0/24
VPN Pool: 192.168.10.0/24

I tried three examples from the Cisco website, but all of them can only fulfill part of my requirements.
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100918-asa-sslvpn-00.html#anc7
0
I have an office with Cisco 3702i APs.  I am getting a lot of messages in my logs showing that some of my APs are being contained.  I have got a Wireshark capture of the deauth packets.  Can someone please help me identify anything I can about the source?  I captured the traffic by putting one of my APs in sniffer mode and dumping it to Wireshark.

The MAC address of the sniffer AP is f4:4e:05:12:c0:28


Thanks!
Chlt-DeAuth.pcapng
0
Hi Guys

I have VRF set up between routers.
I know we can ping the interfaces by - ping vrf VRFNAME xx.xx.xx.xx

But how do I ping/tracert test a remote device IP address? The reason is that when I ping test a remote computer IP from the router using the above command, I am not able to ping it, but I can ping its IP from devices behind the router.

Please advise?
0
I'm trying to design a system for PCI compliance on a LAN that has pinpads for credit card processing.  I'm getting stuck on how to do MFA (Multi-Factor Authentication) on the firewall and on managed switches.

The basic plan is to use VLANs to isolate the pinpads from the rest of the network.  As I read the specs, the managed switches and the firewall will all be part of the CDE (Cardholder Data Environment) for which the strict rules apply.  As long as the isolation is maintained, the other devices (PCs, printers, server, etc.) are not in the CDE scope.

As I read the specs, I need to have MFA on any CDE device where an administrator can have non-console access.  That would certainly appear to apply to the switches and to the firewall.

We'll likely have to replace the primary switch (it's a small network of 6 users).  We're presently using a Cisco ASA 5505 firewall and would like to try to keep it.

My challenge has been with how to set up MFA on the switches and on the firewall.  I'm not seeing it as a feature in the few switches I've looked at.  I'm also not seeing how to do it on the ASA without adding a Radius server.  I could do that on the Windows server, but that would bring it somewhat into the CDE and I'd really like to avoid that.

I would greatly appreciate any insight as to how to effectively, efficiently, and inexpensively implement MFA for a managed switch and for the ASA.  If that requires a different choice of devices, please suggest a suitable …
0
The sidecar module on one of our Cisco 9971 reception phones is no longer indicating busy lines. I have compared to others and settings look similar.

The main buttons on the phone indicate as expected. We have tried restarting the phone (power cycling) with the same result.

Can anyone tell of any settings that may impact this, or do we feel we have a bad sidecar?
0
Hi - ASA 5515, standard static NAT of 1 port 8443 public IP to an internal IP host - it works on my phone's external 4G connection; the address https://example.com.au:8443 loads fine

but on my NBN at home it fails to work at all. Why would this be the case? Not DNS, I have checked this, and Windows firewall is off - must be something to do with NBN or NAT?

Any ideas, anyone, please?
0
Hello,

Trying to bundle two site-to-site Ethernet 1 GIG links and receiving a Suspended state on one of the links.

I have pulled down both ends and started again, always getting the Suspended state

Please find attached the config of both sites.


Thank you in Advance
0
Hello everyone,


I have a Cisco ASA 5516 with two inside interfaces. One is for the customer LAN and another is for a few branch offices connected via a router that is connected to the 2nd Inside interface (all those offices are in the same building connected by a FO backbone). The customer is going to replace an old ASA 5510 where almost the same config already works.

LAN network is 192.168.0.0/24 connected to 1/3 on ASA

Branch Offices are connected to 192.168.2.0/24 connected to 1/4 on ASA
 
I want to be able to ping and have unrestricted traffic between them.

Currently I have a laptop connected to int 1/3 and another one connected to Int 1/4 but no ping.

Someone please help!

Here's the configuration

ASA Version 9.8(2)17
!
hostname ASAFCHFW
domain-name mydomain.com
enable password $sha512$5000$pt2nRGQbSXA8K3vdow+Ztg==$kGNfDJREqQCQ+jO7m0bxmQ== pbkdf2
names
no mac-address auto

!
interface GigabitEthernet1/1
nameif Outside
security-level 0
ip address x.x.x.131 255.255.255.240
!
interface GigabitEthernet1/2
nameif DMZ
security-level 10
ip address 172.16.31.1 255.255.255.240
!
interface GigabitEthernet1/3
nameif Inside
security-level 100
ip address 192.168.0.2 255.255.255.0
!
interface GigabitEthernet1/4
nameif Branch_Office
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no …
0
Dear Experts,

I have Cisco Jabber installed on most of the laptops in my organization and I am asked to uninstall it using GPO. The users do not have admin rights but I do have a domain admin account. I need to know if anyone has done this over GPO and how I can run an elevated command line in GPO to trigger the uninstall.
Any help will be appreciated.
0
Hello,

There seems to be a lot of discards happening on an interface of my Catalyst 9300. Here are some images to validate what is happening.
Imterface-Discards.JPG, OpManager-Discards.JPG, Solarwinds-Discards.JPG
This port on the switch goes to a Fortigate 300E. Would I be able to identify these discarded packets with Wireshark and spanning the port like so:
monitor session 1 source interface TwoGigabitEthernet1/0/8
monitor session 1 destination interface tenGigabitEthernet 1/0/45 encapsulation replicate

 I ended up trying it with Wireshark and got this, but not sure if it's my problem.
Interface-Info.JPG, Wireshark.PNG
0
Dear Experts, how can I configure traffic shaping at L2?

We are using Switch Cisco 3750 / 2960, Catalyst Express 500

Many thanks in advance!
0
AnyConnect VPN client can access the internet via the remote gateway, but cannot access internal servers.

I followed the instructions from (first example, with tunnel all configuration)

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100918-asa-sslvpn-00.html#anc7


I cannot ping or access 10.10.30.99 (internal server) or 10.10.30.2 (ASA internal LAN) after connecting to the VPN.

Could I please have some advice? Many thanks.
ASA-show-run.txt
0
Need To Locate Disk UID/Serial Number with WWN/WWPN @UCS Running Win 2012 Server for single /multiple Boxes

How can we extract using command line/Script/utility  from OS level or if any way to get it from UCS Manager?
0
Hello
We have a problem with our remote clients that are terminating across the Cisco AnyConnect VPN.  Currently we are unable to browse to the \\unc path of the said remote client, but not all machines.   The problem has been intermittent for over a year now.  It has gotten worse since the 1809 update to Win10.

We can browse from remote client to the LAN and UNC paths.
We can ping both ways i.e. 172 (local LAN) to the remote vpn client IP 10.255.255.*.
DNS is registering the 10.255.255.* IP in reverse lookup.
DNS is also registering local IPs on the forward lookup zone domain.local - this seems to be what is being resolved.

I'm thinking it's DNS wrongly configured but hesitant to make changes...

Any ideas?

Thanks
0