Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Hi IT pros

Have this question.

We have an L3 switch, a Cisco 3750x. Our ISP is Verizon and we have a static IP.

How can I configure the L3 to connect directly to Verizon's box and have our inside users to have access to the internet? Should I worry about NAT on the L3 switch?

Verizon<<<<<<Switch<<<<< Users.

What is the easiest way to configure Cisco switches to use Vlans and Trunks?

- 6 Cisco switches
- Fiber in
- VoIP
- PC
- IP cameras


I have 2 cisco routers which I am having problems VPNing between.

RV340W, firmware
IPSec Profiles
keying mode auto
ike version 1

Phase 1
DH Group 2 - 1024 bit
Encryption 3DES
Auth SHA1
SA lifetime 28800

Phase 2
Protocol Selection ESP
Encryption 3DES
Auth SHA1
SA Lifetime 28800
PFS enabled
DH Group 2 - 1024 bit

Site to Site
IPSec Profile - points to above settings
int WAN1
Remote endpoint Static IP
remote IP entered

Remote IKE Auth Method
Pre-shared key, complexity disabled, 14 digit key entered

Local Group Setup
Local Identifier type - Local WAN IP
Local ID - Local IP Address
Local IP Type - Subnet
IP address - *.*.*.0 (local subnet)
Subnet mask -

Remote Group Setup
Remote ID Type - Remote WAN IP
Remote ID - remote IP address
Remote IP Type - subnet
IP Address - *.*.*.0 (remote subnet IP)
subnet mask

2nd routers

Cisco RV180W

IKE Policy
Direction/type - both
exchange mode - main

ID Type - Local WAN IP

ID Type - Remote WAN IP

IKE SA Parameters
Encryption algorithm 3DES
Auth Algorithm SHA1
Auth method  Pre Shared key
Pre shared key entered
DH Group 2 1024 bit
SA Lifetime 28800
Dead Peer Detection enabled
det period 10
reconnect after 3

Extended auth

VPN Policy

Policy type - auto
remote endpoint - ip address
remote ip entered
NetBIOS enabled

Local Traffic selection
local ip subnet
start address - …

I have a Cisco ASA 5506 Firewall that we use for VPN, using the AnyConnect Client. Is there a way to have a password policy when creating user accounts for VPN? It's for audit purposes.

We have a Cisco WLC 5508 with two SSIDs that point to the same 2012R2 server running NPS. Let's call the SSIDs USER and IT

I created two Network Policies in NPS: USER allows any domain user to join. IT should only allow members of the IT Wireless domain group to join.

Radius authentication works for all users. The problem I'm having is that any domain member is currently able to join the IT SSID via radius. I added the NAS-ID to the WLAN and to the Network Policy but that didn't seem to help. I'm not sure if the WLC is passing over what it needs for NPS to identify which SSID is being joined.

Any suggestions welcome.

Thank you

I am planning on replacing a number of Cisco WS-C2960S-48FPS-L switches in our environment. My basic plan is as follows:
1. Upgrade new switches to latest recommended software
2. Install stack modules where appropriate
3. tftp the config from the existing switch(es) to tftp server
4. tftp the config to the replacement switch(es) from tftp server
5. physically swap old/new (paying attention to VLAN/significant connections)
1. Does this sound like a good approach?
2. How best to handle instances where switches are stacked? Do I need to tftp the image to each switch in stack or just the first (ie will stacked switches adopt the config from the first)?
3. In instance of stacked switch upgrade do I need to replace all switches in the stack at the same time (to ensure hardware/software compatibility)?
4. Is there anything I am missing or need to pay attention to?
This is the first time I have had to go through this process so your expert advice would be appreciated.

BGP Originate and Origin type.
Looking at this link:

Can someone explain the difference between BGP attributes : Originate and Origin type.

It looks like Bullet 3 and 5 in the Cisco article have some similarity

Thank you

Hello Experts,

I have an issue with an external client, he is using
a laptop with Cisco anyconnect vpn client and he would
usually connect to the vpn and would be able to browse the
internet and also access internal resources, shares and sites.

Today he connected from home and he was not able to browse anything,
I checked his laptop remotely and I was not able to ping google or resolve
any DNS names. To get him going I gave him a default gateway IP in his VPN connection
but I am not supposed to do that.

My question is why, when he connects to the VPN, the DNS stops.
I tried to replicate the issue using my hotspot and on my laptop
but I did not get the same symptoms, my VPN does not give me a GATEWAY IP and I
am able to browse plus access the internal resource.

I am certain this issue is local to his internet connection
at home. Please do let me know if anyone has any suggestions.

Env: Cisco Nexus 9508 with a 10Gbase-LR SFP connecting to the carrier. For the last few days the interface has been racking up input errors and CRC. Hundreds every few seconds. We've replaced the SFP and we replaced the fiber from the SFP to the patch panel.

What troubleshooting methods do I have at my disposal once the carrier gets on site? I've had these maddening all-night affairs where the vendor says "we're all clean to our next device in Duluth (or wherever)". Besides replacing optics, shutting/no shutting the interface, what other tools would help to isolate the cause of these errors? Thank you.

(BTW A tech at the data center tried to throw us a loop but the interface went down from UDLD. If there's a way to make a hard loop to us more informative that would be good to know too)

I'm trying to limit SSH access to a Cisco ASR 9k switch running IOS XR Software, Version 6.2.3

From this document ..I tried to limit the ability to SSH to the management IP of the switch.
But after adding removing allow ssh and replacing it with allow SSH peer/address ipv4 - I am still able to ssh from any address at all. What am I missing?

   vrf management
   interface all
    allow SSH peer
     address ipv4

ipv4 virtual address vrf management

Cisco RV320 Port Forwarding not working. I can not ping computer from outside the network (Example Telnet 300) errored out, but ping on inside the network. I set up everything by the Cisco Manual.

Creating a template from an ASA Configuration.

We are running Cisco ASA 5545 v 9.10 and using ASDM  7.10

We exported our configuration via ASDM to a text file and are using an Excel Macro to make all of the necessary changes to the configuration.txt file for the ASA's respective location. We use ASDM File Management to drop in the newconfiguration.txt on the ASA. From the CLI we verify the file is there using the Dir command. We use the Copy disk0:/newconfiguration.txt run command and it does not bring any configuration from the text file.

I have tried using .csv format as well.

What we are doing with the exported configuration.txt file from ASDM is a simple find and replace via a macro in excel. Excel saves the new file after the find and replace as a txt. We save the newconfiguration.txt and try to copy it to the running configuration.

Thoughts / Ideas? We would really like to use this process as a template because we have so many ASA's to release to the wild and this would significantly help reducing errors and man hours.

I have a site that uses a Cisco Wireless LAN Controller.  We have 3 access points that attach to the controller.  The controller is not set up as the DHCP and all the access points have static IP's.  About a month ago, the wireless devices were dropping their connection and no one seemed to understand why.  Once the connection was dropped, the user could connect wired and get back on and then I would put a static IP into the wireless adapter and the computer worked fine.  I noticed every time I made this change, I would get the standard message that there were multiple networks connected.  I later discovered that the WLC was also sending out IP's.  I turned that feature off and the devices now connect to the correct DHCP server which is set up on the router.  I am still having the issue with devices dropping connections and I noticed that the DNS IP address is set to  I have no idea why that is being changed.  I have checked my router and that is fine.  I have checked my WLC and everything appears to be fine.  No one has access to this device but me and I don't see any setting that would cause this.  Any thoughts?

Trying to do a port range forward on an ASA and I am having a lot of issues getting it to work.  I have tried everything I can think of, to the point where I am throwing in the towel and just creating individual NAT rules (there are over 100 entries), but when I did all the commands I found out that a network object can only have one rule at a time, so there is no simple way of building the commands.  In the past when I had to do something like this it just flat out would not work, but that was on an ASA running 8.3 or below, so there were no network objects and I could build 60 or so commands in Excel and have the rules ready to go in about 5 minutes, not the case here as I would have to create over 100 network objects and put a command for each port on each one, and that's just crazy.  There has to be something I'm missing as this is a basic feature on pretty much all other firewalls.

I have been at this for days so I can't list all the things I've tried, but ask me if I've tried it and I should be able to tell you yes or no.  To try and get the port range forward to work what I have been doing is creating NAT rules and using service objects.  The ASA takes the command but when I try to connect to the port it fails and in the logs it says the packet is discarded.  I have tried every variation I can think of on the NAT rule and I have tried mirroring (copying) it to a working network object NAT rule to no avail.  Surely there is something I'm missing as other people have …

I tried to restrict SSH access to one of my Cisco Nexus 9508. Earlier I was permitting all RFC 1918 to SSH
and now it's limited to two bastions. BUT after modifying my ACL to have just two bastion hosts I am
still able to ssh to the 9508 at its management address from my desktop machine which shouldn't
be possible. What am I missing?

line vty
  exec-timeout 15
  access-class 5 in

core11-las# sho access-list 5

IP access list 5
        40 permit ip any
        50 permit ip any

core11-sf# sho users
NAME     LINE         TIME         IDLE          PID COMMENT
babadoo  pts/3        Feb 28 16:01   .          5121 ( session=ssh *

We are looking into detecting when users initiate a screen-share or remote control using the popular conference programs out there. We are looking to detect this so we can then build some controls and alerts around the policy we want to enforce.
Note: We do not want to prevent the users from joining any of these business related conferences. We are just interested in Screenshares/remote controls.
Some popular common Apps used/needed for typical business are
RingCentral Meeting
Cisco Virtual Meeting

Dear All,

Good Day,

In our org we are using Windows Domain Controller, Cisco Server for IP Telephones, Cisco Switches & Door Access system.

We need to sync time for all servers and devices to the same time.

Could you please guide me on how to do it?

Looking for help with the following.

A user has no problem connecting to the main office via Cisco VPN, but we would like to use that same connection for the sake of keeping things simple, to connect to a branch office which is already connected to the main office via site to site. The network is healthy, no issues at all, it's just this configuration that's needed.
Both firewalls are Cisco 5505.

Thanks so much for your help.


When adding an IP to an outside interface on a Cisco ASA, what IP information do I need from my ISP?

I believe it's just a public IP address and subnet mask? Do I need a gateway address?

I need to allow access to a remote ip to be able to manage the config on my Cisco 5506. What's the best way?

I am learning how to configure an ASA 5525-X. I used the recommended configs below, connected cables per instruction, but cannot get to the ASDM admin page: Any suggestions?

interface management0/0
no shutdown
interface gigabitethernet0/0
nameif outside
ip address dhcp setroute
no shutdown
interface gigabitethernet0/1
nameif inside
ip address
security-level 100
no shutdown
object network obj_any
subnet 0 0
nat (any,outside) dynamic interface
http server enable
http inside
dhcpd address inside
dhcpd auto_config outside
dhcpd enable inside
logging asdm informational
9. Save the new configuration:

write memory

Thanks in advance!

I'm in the process of updating firmware on network devices.
RV042 updates have gone well.
RV320 updates are NOT going well.

RV320 units are at firmware and we want to get to
Even existing units don't respond to laptop browsers: IE, Google Chrome, Firefox.
I believe the GUI is working but unless we reset to factory defaults, the browser *connections* fail.
As soon as a working configuration is loaded up, the connections stop working.

Any insights?

Hi Experts,

I have a problem with my Cisco SPA504G VOIP handset.

The horizontal red light at the top of the phone comes on when I receive a message.

I want the red light to be off all the time, as I receive my messages by email.

I changed the Cisco SPA504G configuration, Voice / Ext 1 / Call Feature Settings / Message Waiting to "no".
That turned the light off, but it came on again when the next message was left.

Is it possible on a Cisco ASA to advertise a network via BGP if the network is not in the routing table?

I have a Cisco ASA firewall with

1. one interface uplinking to a router (3rd party) that connects to our AWS estate.
2. One interface with an internet link with an IPsec tunnel to a second office which has an IP address range of

Because it is an IPsec tunnel the network does not appear in the routing table, but I want to advertise it out to the AWS estate via BGP. Normally I would just add a route to null for the super-net and then advertise that and all would work.

However, adding a route to null stops the tunnel passing traffic, so I want to know if there is any way to advertise a route to the network out to the AWS router via BGP without having to have it in the routing table or any supernet of it.

Any thoughts?

I need help with how to enter an IPHELPER address for a VLAN on my Cisco 9300 switch.  It is currently set to an address, and I want to change it.





