(Updated 2019/05/21) Copying the IOS to/from the asa ssh or use the console cable to connect to the asa. Get into configure mode: en (Enter enable password) conf t Create a user (or modify an existing user) with privilege 15 … Continue reading →
Notes on the following Items that are all italics like MyEnablePassword and OUTSIDE are names for items that you can select. They are case sensitive. Set the names of items so that you can remember what they are later on. For … Continue reading →
I had to install AnyConnect 3 on my Centos machine (yes, I know, it is long past end of life – but sometimes you have to take one step back to take two steps forward) and when I launched it … Continue reading →
I have found the following two sites helpful in finding issues with the configuration of SSL secured web sites https://ssltools.digicert.com/checker/ https://www.ssllabs.com/ssltest/analyze.html Test which ciphers (TLS, SSL, etc) are enabled nmap -sV –script ssl-enum-ciphers -p 443 www.yourdomain.com Ref: https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
Continue reading →Running ssh across a vpn connection I started having my ssh sessions fail to connect. After starting ssh with the “-vvv” option, the session would timeout after getting a debug1: expecting SSH2_MSG_KEX_ECDH_REPLY After doing some research, I found other people … Continue reading →
A quick synopsis on setting up a Cisco ASA and a Centos 6 or 7 system to use SNMP v3 to be monitored by Cacti Cisco ASA en conf t # create a snmp-server group (needed for SNMP v3) # … Continue reading →
Configuration 1 I have a situation where I have a group of users that are eating up 100% of the bandwidth in the office. I am limiting the amount of upstream and downstream bandwidth used by these selected users being … Continue reading →
The following is for working with the Cisco ASA with failover – where you have two ASA’s set up so that one will take over when one fails. This is not used for ISP failover. For that, see here. Force … Continue reading →
Starting from version 7.2(1) and upwards, the Cisco ASA 5500 series firewall supports now the Dual-ISP capability. You can connect two interfaces of the firewall to two different ISPs and use the new “SLA Monitor” feature (SLA=Service Level Monitoring) to … Continue reading →
Permit ICMP If you have an access-group applied to your outside interface already, use the name for the acccess-list that you are currently using in place of OUTSIDE_ACCESS_IN access-list OUTSIDE_ACCESS_IN extended permit icmp any any access-group OUTSIDE_ACCESS_IN in interface OUTSIDE … Continue reading →