Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Share tech news, updates, or what's on your mind.

Sign up to Post

Cisco 800

need help whit nat translation

i set u the nat to Dialer0 but the wan wont let me get a ping to

--------------------------------------------show run
hostname G1_router
ip source-route

ip dhcp pool ccp-pool

interface Vlan1
 ip address
interface Dialer0
 description *** WAN ***
 mtu 1492
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname *****@EDPNETFIX
 ppp chap password 0 ******
 ppp ipcp dns request
ip route Dialer0
Cloud Class® Course: MCSA MCSE Windows Server 2012
LVL 12
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

All of a suddent, I'm getting these error messages and I'm not sure why.  It's not giving me the IP address of the other switch, I'm not sure what the T46.... number referenced is?
Any thoughts?

Hi experts,

I connect to VPN to a clients environment via Cisco AnyConnect Secure Mobility Client.  Once connected I then remote desktop into the machine at the client and I can work etc.

Whenever I do this I lose all internet access from the laptop I connect through at my home.  So I can't have an email client running locally as it will not connect to email server.  I can't minimize the remote desktop and browse internet with a local browser.  It's like it completely takes over my internet for some reason.

So I created a new VM via VMWare and thought I would just use the VM to vpn into the client as the VM should share the internet connection.   To my surprise, even when I do that, the internet will not work on my local machine.  The VM completely takes over my entire internet once I connect to Cisco AnyConnect.

I figure this is probably security related but is there anywhere or any setting I can do so it shares the connection?

Or in VMWare something where it won't allow it to take over entire connection?

Thanks for any inisight.

We have a switch stack of 7 3750 switches. One switch just seemed to stop working, still has power. After restart, using the sh switch command, the switch seems to be stuck at initializing, after restart the of the stack, the switch shows ready. Its a POE switch and plugging a phone directly into the switch, no power. However plugging in a laptop works, data is working just not power no data. I used some basic commands, show config, ver, vlan, int and compared the configs to the other switches and everything looks good.  The switch in question has no error using sh int. Any suggestions greatly appreciated. Below is a output from sh int, for the switch in question,  all ports are shown the same.

FastEthernet5/0/20 is down, line protocol is down (notconnect)
  Hardware is Fast Ethernet, address is 0017.94b5.d016 (bia 0017.94b5.d016)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 …
Can someone tell me where I can find autonomous code for a 3800 series Cisco access point?
I have added a couple of Cisco switches in my environment to replace a couple of failed older ones and moved connections. I was wondering if I should clear the mac address tables on my other switches?
hey guys,  I used this module for 1Gb fiber ISP link.  SFP-1G-LR

Are there 10Gb modules available for the same Catalist 3850 switches?  SFP-10G-LR

I am using cisco catalyst 3850 48port

appreciate your help!
NAT Rules for Ironport and Barracuda

I have the private IPs for both, they are both used for Inbound and only Ironport is used for Outbound mail

IPs are for example and they're set as smart hosts on the one send connector

Is there a way to find out what the NAT rules are as to how it was setup

Looking to work backwards using the IPs to find public IPs etc
In our datacenter we have a ASA pair (failover active/standby) which are connected to 2 ISP's. We are currently migrating from ISP1 to ISP2 and are using Policy Based Routing (PBR) on the ASA to make the transition smooth. We can pace the migration and move services step by step to the new ISP.

Everything seems to be working pretty well with PBR except for a problem with some site-to-site VPN-connections. We have a couple of site-to-site connections coming in on the ASA, for some we have access to both endpoints, for others the endpoint is managed by a third party. So originally the site-to-site connections are terminated by the ASA on ISP1, the remote end is connecting to the WAN IP of ISP1. To migrate we want to terminate the VPN on ISP2 on the ASA. So we reconfigure the remote endpoint to connect to the WAN IP of ISP2.

During the migration we use ISP1 as default (lowest metric in static route). With PBR we make sure that VPN traffic from and to ISP2 is routed correctly.

For Site-REMOTE1 and site-REMOTE2 this is working flawlessly, the remote endpoints are now connecting via ISP2 and are setting up a tunnel where we can see traffic TX and RX on both endpoints. Services at both ends working and tunnel is functioning.

For Site-REMOTE3 we see incoming and outgoing traffic on the ASA in the datacenter, but the remote endpoint is not receiving traffic (RX = 0). The tunnel is online and counter for RX datacenter ASA = counter TX REMOTE ASA.

If I switch

I am seeing a lot of collisions and errors on a WAN port (Sophos SG210) which connects to fiber NTU ( Cisco ME 3400E)

This is 100Mb up/down fiber but I am getting around 60Mb download and 3Mb upload. I think the cause of the slow upload speed is because of the packet collisions and errors.

I get around 70Mb/70Mb when I connect my laptop directly to the NTP.

What would be the cause of the problem?

Here is ifconfig on the WAN link on SG210.

eth1   Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
          inet Mask:
          RX packets:373271 errors:0 dropped:0 overruns:0 frame:0
          TX packets:220080 errors:2306 dropped:0 overruns:0 carrier:2306
          collisions:128842 txqueuelen:1000
          RX bytes:527821557 (503.3 Mb) TX bytes:48346583 (46.1 Mb)

 ethtool eth1
Settings for eth1:
        Supported ports: [ TP ]
        Supported link modes: 10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Supported pause frame use: Symmetric
        Supports auto-negotiation: Yes
        Advertised link modes: 10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Advertised pause frame use: Symmetric
        Advertised auto-negotiation: Yes
Cloud Class® Course: SQL Server Core 2016
LVL 12
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

I have a Cisco ASA with version 7.3 adsm.  I need to change a peer address.  Need some help...
network-object host
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes

commands are ok I just need the exact commands to remove and replace or directions on the ADSM 7.3 would be great too.
Dear Sir,

I would like to use the CISCO packet tracker 7.1 .
How can I register a account?

Thank you.

With regards,
Got called in to look at a very strange network the other day...  They were running a business off a (A) Linksys E2500 home wireless router.  Now off of this router is one cable going to a (B) Mako dual wan appliance, which then goes to a (C) Cybera appliance which hosts a VPN connection as well as a (D) Cisco RV042 router.  Now the other cable off the original router goes to another (E) E2500 Linksys router which only has a laptop and provides wireless to a printer and cell phones for employees.  

Now router (A) is controlling PPPoE from a bridged DSL modem.  Router (A) IP is and servicing everything via DHCP (This will change in near future).  Router (E) acting as an access point is also LAN IP of and handing out DHCP.  The laptop connected to (E) also has a secondary NIC via USB that connects to some point in the other side of the network.  The Mako fails over to secondary ISP (Cellular) after only a few minutes and generally won't return.  I believe either the laptop router (E) is creating the problem.  Router (A) is experiencing over 2,000ms latency and over 5% packet loss.  So I removed router (A) and reconfigured the DSL modem to handle the PPPoE and this now becomes router (A) in the equation.  This router is set to and has around 25ms latency with less than 2% packets loss and everything works great!  We are keeping an eye on this for a week or so, before any more changes are made.

Eventually the Mako should be the router and…
Hello Experts
i'm trying to set up WCCP between a Cisco 6500 router  and Bluecoat ASG-S200

This is the WCCP configuration on 6500 side :

access-list 150 permit tcp any any eq www
access-list 150 permit tcp any any eq 443

ip wccp web-cache
ip wccp 90 redirect list 150

int vlan 100
description << Client VLAN >>
ip wccp 150 redirect in

Open in new window

[b]sh ip wccp 90 detail [/b]
        No information is available for the service

Open in new window

Debugging on Cisco 6500

8385566: 20w4d: WCCP-EVNT:D150: Here_I_Am packet from service not active

Open in new window

Thanking in advance
Getting the "there is a problem with this windows installer package " when trying to install Cisco AnyConnect VPN client 4.5 or 4.6 on Windows 10 upgraded to version 1803. I have tried all the solutions on the internet for this but still hangs during installation and then errors. Anyone else having or had this issue?
I need help in configuring HA/load balance from Site A to Site B. Site A is the PRODUCTION and Site B is the BACKUP SITE. We have lease two Private line with two different providers running different speed. I need to configure Load Balance from Site A to Site B and vice-versa if possible, but i am more concert Site A to Site B.
We have Cisco 3850 on Site A, and two interfaces  connected to each ISP. Site B, we have Cisco 3750, and two interfaces connected to each ISP as illustrated.
ISP #1 is live with IP 10.10.10/32 passing all traffic between two site as of now. Type of traffic is IP, UDP, TCP, HTTPS, and FTP.
I need help configuring ISP#2 . I need to use both private line at the same time for load balancing using these two switches, and automatically fail-over if one line is down.  
I heard of Ether-channel, IP Based Policy, and Network load balancing. I need help with commands and scenario in the illustration below.  I greatly appreciate with the right directions.
Thanks a lot.
Our organization has a few Cisco 2960X network switches provisioned. We do NOT has SYSLOG server implemented on our site. Our question is without a syslog server, what is the default log message retention configuration. I understand that there is a log size limit (e.g. 4096 Mb) and as soon as the log size exceeded this limit, the log will be overwritten from the beginning of the log. We would like to know the default setting and how to change the log size limit if possible.

Thank you for your kind assistance in advance.

hello experts
i have some autonomous Cisco wireless AP, i need update them to lightweight, i did it from remote and successful, but i can't access it after update, neither telnet or ssh, i could only ping it, for the reason of controller located in another subnet, so i have to climb to the roof via ladder connect console to each device configure it connect to controller, that is not convince, for have so many devices.
my question is how i can access it after update.

thank you
Dear Experts,

I'm having an impossible time trying to VPN to a  Cisco Meraki Firewall with a LInux Ubuntu MATE desktop.

I only need to setup the secret key the username and password. I do not need to have a certificate.

The Linux VPN clients are not working. Is there a script I could use from somewhere?

Thank you!
Become a Leader in Data Analytics
Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

We have a new Cisco ASA 5506-X.  We have it connected up as per the supplied diagram (Management 1/1 connected to GE1/3) and are able to access the ADSM and CLI as normal.  However, this device has "FirePOWER Services" but we are unable to see how to configure this.  According to the quick start guide (, we run the Startup Wizard and should get to the "ASA FirePOWER Basic Configuration"; however, this does not appear.

Here is our "show version":

Cisco Adaptive Security Appliance Software Version 9.9(2)
Firepower Extensible Operating System Version 2.3(1.84)
Device Manager Version 7.9(2)

Compiled on Sun 25-Mar-18 17:29 PDT by builders
System image file is "disk0:/asa992-lfbff-k8.SPA"
Config file at boot was "startup-config"

ciscoasa up 20 mins 29 secs

Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Open in new window

The ASA is on its default IP of   We have reset it to factory defaults and upgraded both ASA and ASDM to no effect.
How can we configure the FirePower services?
I am an IT consultant and recently one of my clients using a Cisco ASA5505 firewall stopped being able to use the rental car search through Alaska Airlines website. Checking the logs, I see deny entries for IPs that resolve to AWS. I am guessing that they are doing some sort of hand-off to a cloud server for the search and the firewall blocks it. I verified that this occurs for all my clients using an ASA5505 that try to search for rental cars through that site (hotel searches work), but is not an issue on 5506/5508 so I am guessing it is part of the default config. The default DNS limit is in place: policy-map type inspect dns preset_dns_map > parameters > message-length maximum 512, but the same issue occurred when I removed this limit. Is there an easy way to resolve this without sacrificing security?
Our network has a Cisco WLC and 3 DC's. We use a Windows 2016 NPS server for client authentication to the network. The issue I face is that even though the user (using domain and non domain devices) authenticates correctly with the NPS server, not all the Kerberos details are showing on the DC's. Has anyone had an issue when the not all Kerberos traffic is not being forwarded to a DC ?
Hello, just a quick question.  

On a Cisco device, is the enable password attributed to any user account at all?  I guess another way of asking, is the enable an account or user?  Or some other system abstraction?  IE just a password onto it's self?  IE, I am noticing that it is different than the main user account to connect to the ASDM and ASA console.  Can it be reset from the ASDM in case somehow it becomes unknown?

I am trying to monitor Cisco SV300 and SG350 switches using Spiceworks Network Monitor.  I have enabled SNMP on a test switch.  Spiceworks requires and IP address and a community string.  Is there a published list of default community strings for these Cisco switches?

I'm converting an old 5510 config from 8.2 to run on a 5508-X running 9.8(24). I've done a lot of these so I'm quite confident, however the old firewall has this in the config;

access-list inside_nat_static extended permit tcp host eq 4443 any 
access-list inside_nat_static_1 extended permit tcp host eq 8080 any 
static (inside,outside) tcp https access-list inside_nat_static 
static (inside,outside) tcp www access-list inside_nat_static_1

Open in new window

I'm not really used to seeing this but this is what I've come up with to replace it;


object network OBJ-
object network OBJ-
object service OBJ-TCP-4443
service TCP source eq 4443
object service OBJ-TCP-8080
service TCP source eq 8080
object service OBJ-TCP-HTTPS
service TCP source eq https
object service OBJ-TCP-WWW
service TCP source eq www
nat (inside,outside) source static OBJ- OBJ- destination static OBJ- OBJ- service OBJ-TCP-4443 OBJ-TCP-HTTPS
nat (inside,outside) source static OBJ- OBJ- destination static OBJ- OBJ- service OBJ-TCP-8080 OBJ-TCP-WWW

Open in new window

IS THAT CORRECT? Have I made a mistake? (this firewall wont be going live for a while) So I'd like a second opinion.






Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).