Category: Cisco

Useful ASA commands

Finding objects within an object-group:

show run object-group network | i object-group|1.2.3.4




Cisco Virtual ASA & VMWare Interfaces

Network Adapter ID      ASAv Interface ID
Network Adapter 1       Management0/0
Network Adapter 2       GigabitEthernet0/0
Network Adapter 3       GigabitEthernet0/1
Network Adapter 4       GigabitEthernet0/2
Network Adapter 5       GigabitEthernet0/3
Network Adapter 6       GigabitEthernet0/4
Network Adapter 7       GigabitEthernet0/5
Network Adapter 8       GigabitEthernet0/6
Network Adapter 9       GigabitEthernet0/7
Network Adapter 10      GigabitEthernet0/8




Cisco ASA Site to Site VPN using ASDM

(Using most common configuration)

1) Configuration -> Site-to-Site VPN -> Connection Profiles
   Allow IKEv1 access on the outside interface

2) Configuration -> Site-to-Site VPN -> Advanced -> IKE Policies
   Priority: 10
   Authentication: pre-share
   Encryption: aes-256
   DH Group: 2
   Hash: sha
   Lifetime: 86400 seconds

3) Configuration -> Site-to-Site VPN -> Advanced -> Tunnel Groups
   Name: IP…




Cisco ASA Site to Site VPN Configuration (CLI)

(Using most common configuration)

1) Enable IKEv1 on the outside interface:
   crypto ikev1 enable outside

2) Create the IKEv1 policy. This defines the algorithms used for encryption, hashing, DH group, authentication and lifetime:
   crypto ikev1 policy 10
    encryption aes-256
    hash sha
    group 2
    authentication pre-share
    lifetime 86400

3) Create a Tunnel Group and define…




ASA Packet Captures (CLI)

The ASA packet capture is a handy tool to use when troubleshooting connectivity through a firewall.

Starting Captures

To start a capture on the CLI of an ASA firewall the syntax is:

capture <name_of_capture> type raw-data interface <ingress_interface> buffer <size_of_buffer> match <tcp|udp|ip> <source> <destination> eq <port_number>

Where the source and destination can be any, host or a network range….




Basic ASA SSH Configuration

To enable SSH on a Cisco ASA firewall, carry out the following:

1) Create a public/private key pair
   asa(config)#crypto key generate rsa general-keys modulus 2048

2) Create a username/password
   asa(config)#username <username> password <password>

3) Tell SSH to use the local database for authentication
   asa(config)#aaa authentication ssh console LOCAL

4) Enable SSH v2 only
   asa(config)#ssh version 2

5)…




Cisco ASA Upgrade process (active-failover)

To upgrade two ASA firewalls in an Active/Standby failover configuration, use the following steps:

1) To find out the current image of the ASA, run the following command:
   ASAactive#show run boot

2) Specify the new boot image for the ASA and remove the line for the old image:
   ASAactive(config)#boot system disk0:/newASAimage.bin
   ASAactive(config)#no boot system disk0:/oldASAimage.bin

3)…




Cisco Catalyst 3750 Password Recovery

To recover a forgotten password on a Cisco 3750 switch, use the following guide:

1) Hold down the ‘MODE’ button while powering on the switch.
2) Hold the button down for approx. 15 seconds or until the ‘SYST’ LED turns green. When you release the ‘MODE’ button, the SYST LED will start flashing.
3) At the…




Cisco Catalyst 3750 Switch Stacks

Physical Configuration of Stack

Switch1:stackport1 -> Switch2:stackport2
Switch2:stackport1 -> Switch3:stackport2
Switch3:stackport1 -> Switch1:stackport2

Each switch must be running the same Cisco IOS software image and have the IP Services feature set enabled.

To find out which stack ports are being used on the switch stack, use the following command:

3750Stack#show switch stack-ports

Switch #   Port 1   Port 2…