Tag: asa

Useful ASA commands

Finding objects within an object-group:
show run object-group network | i object-group|

Cisco Virtual ASA & VMware Interfaces

Network Adapter ID     ASAv Interface ID
Network Adapter 1      Management0/0
Network Adapter 2      GigabitEthernet0/0
Network Adapter 3      GigabitEthernet0/1
Network Adapter 4      GigabitEthernet0/2
Network Adapter 5      GigabitEthernet0/3
Network Adapter 6      GigabitEthernet0/4
Network Adapter 7      GigabitEthernet0/5
Network Adapter 8      GigabitEthernet0/6
Network Adapter 9      GigabitEthernet0/7
Network Adapter 10     GigabitEthernet0/8

Cisco ASA Site to Site VPN using ASDM

(Using most common configuration)
1) Configuration -> Site-to-Site VPN -> Connection Profiles
   Allow IKEv1 access on the outside interface
2) Configuration -> Site-to-Site VPN -> Advanced -> IKE Policies
   Priority 10
   Authentication: pre-share
   Encryption: aes-256
   DH Group: 2
   Hash: sha
   Lifetime: 86400 seconds
3) Configuration -> Site-to-Site VPN -> Advanced -> Tunnel Groups
   Name: IP…

ASA Packet Captures (CLI)

The ASA packet capture is a handy tool to use when troubleshooting connectivity through a firewall.

Starting Captures

To start a capture on the CLI of an ASA firewall the syntax is:
capture <name_of_capture> type raw-data interface <ingress_interface> buffer <size_of_buffer> match <tcp|udp|ip> <source> <destination> eq <port_number>
Where the source and destination can be any, host or a network range….

Basic ASA SSH Configuration

To enable SSH on a Cisco ASA firewall, carry out the following:
1) Create a public/private key pair
   asa(config)#crypto key generate rsa general-keys modulus 2048
2) Create a username/password
   asa(config)#username <username> password <password>
3) Tell SSH to use the local database for authentication
   asa(config)#aaa authentication ssh console LOCAL
4) Enable SSH v2 only
   asa(config)#ssh version 2
5)…

Cisco ASA Upgrade process (active-failover)

To upgrade two ASA firewalls in an Active/Standby failover configuration, use the following steps:
1) To find out the current image of the ASA run the following command
   ASAactive#show run boot
2) Specify the new boot image for the ASA and remove the line for the old image
   ASAactive(config)#boot system disk0:/newASAimage.bin
   ASAactive(config)#no boot system disk0:/oldASAimage.bin
3)…