Troubleshooting Failover on the ASA
When troubleshooting failover on an ASA, there are a couple of spots to pay attention too. However we first need to understand how ...
Category Archives: ASA
Using Dynamic Access Policies for Controlling VPN
One of the easiest ways, in my opinion, to control VPN access is with DAP. Let’s dig into this with an example. We will be ...
ASA and LDAP
I seem to be working on a lot of ASA’s and Sourcefire lately and I always end up connecting to AD for authentication of some ...
Cisco Web Security (CWS)
Cisco Web Security (formerly ScanSafe) is a cloud based Web Filtering solution. It works pretty well and integrates with Anyconnect so ...
ASA-X serial number
Typically for a device we use show version to view the serial number. However, for some strange reason, in the ASA-X the number that is ...
ASA Asymmetric NAT
We had a normal AnyConnect VPN configured and everyone could get to the inside resources. We then put an application in the DMZ and ...
Viewing dropped packets on ASA
show asp drop is a great troubleshooting command for the ASA. ASA5505#show asp dropFrame drop:Invalid encapsulation (invalid-encap) ...
URL filter on ASA
A lot of people post on NetPro that they want to permit or restrict by domain names on a PIX/ASA firewall. You can’t just type in ...
Transferring files to ASA via FTP
For some reason I can never remember this command…FTP Servers IP is 192.168.1.50FTP Username is MMessierFTP Password is ...
Configure the ASA to show as a hop in trace routes
Sometimes you want the ASA to show up as a hop in a traceroute to the internet. Here are the commands to allow that. class-map ...
AnyConnect VPN User
show vpn-sessiondb remote filter name ASA-VPN-1# show vpn-sessiondb remote filter name MMessierSession Type: IPsecUsername : MMessier ...
Configure ASA to prevent mail relay
We as Network Engineers are often called upon to “fix” problems that others create. For example, how many Server Admins do you know ...
Read only ASDM
First we have to configure local AAA. We must configure authorization so we can tell what user gets what level of commands.aaa ...
Configure SSH on ASA
Configure SSH on a PIX PIX(config)#hostname PIXOnePIXOne(config)#domain-name mydomain.comPIXOne(config)#ca generate rsa key ...
Basic ASA config
Basic config for ASA no service call-homeclear config call-homeftp mode passiveclock timezone CST -6clock summer-time CDT recurringdns ...
Access public IP from inside on ASA
In short, there is no more alias command, so you need to create more statics! static(dmz,inside) 51.88.80.100 172.16.1.100 ...
Viewing VPN Keys
It’s well known that to recover VPN passwords for L2L tunnels you can copy the config to a TFTP server and view the configuration ...