Cisco ASA – Software Effect Enterprises, Inc

Cisco AnyConnect on Centos 7

Posted on August 19, 2019 by SEEIAugust 19, 2019

I had to install AnyConnect 3 on my Centos machine (yes, I know, it is long past end of life – but sometimes you have to take one step back to take two steps forward) and when I launched it … Continue reading →

ssh fails to connect with debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

Posted on November 11, 2018 by SEEINovember 11, 2018

Running ssh across a vpn connection I started having my ssh sessions fail to connect. After starting ssh with the “-vvv” option, the session would timeout after getting a debug1: expecting SSH2_MSG_KEX_ECDH_REPLY After doing some research, I found other people … Continue reading →

Using SCP to copy files to/from ASA

Posted on December 12, 2017 by SEEIMay 21, 2019

(Updated 2019/05/21) Copying the IOS to/from the asa ssh or use the console cable to connect to the asa. Get into configure mode: en (Enter enable password) conf t Create a user (or modify an existing user) with privilege 15 … Continue reading →

Configuring ASA from scratch

Posted on November 7, 2017 by SEEINovember 18, 2017

Notes on the following Items that are all italics like MyEnablePassword and OUTSIDE are names for items that you can select. They are case sensitive. Set the names of items so that you can remember what they are later on. For … Continue reading →

Dual ISP’s on ASA

Posted on August 31, 2017 by SEEIAugust 31, 2017

Starting from version 7.2(1) and upwards, the Cisco ASA 5500 series firewall supports now the Dual-ISP capability. You can connect two interfaces of the firewall to two different ISPs and use the new “SLA Monitor” feature (SLA=Service Level Monitoring) to … Continue reading →

Permit Ping, Traceroute and MTR through ASA

Posted on August 31, 2017 by SEEIAugust 31, 2017

Permit ICMP If you have an access-group applied to your outside interface already, use the name for the acccess-list that you are currently using in place of OUTSIDE_ACCESS_IN access-list OUTSIDE_ACCESS_IN extended permit icmp any any access-group OUTSIDE_ACCESS_IN in interface OUTSIDE … Continue reading →

Forcing / Testing Cisco ASA Failover

Posted on August 31, 2017 by SEEIAugust 31, 2017

The following is for working with the Cisco ASA with failover – where you have two ASA’s set up so that one will take over when one fails. This is not used for ISP failover. For that, see here. Force … Continue reading →

SNMP v3 and Cacti

Posted on June 13, 2017 by SEEIMarch 31, 2018

A quick synopsis on setting up a Cisco ASA and a Centos 6 or 7 system to use SNMP v3 to be monitored by Cacti Cisco ASA en conf t # create a snmp-server group (needed for SNMP v3) # … Continue reading →

Web Site Certificate/SSL Tests

Posted on May 13, 2016 by SEEIJune 16, 2019

I have found the following two sites helpful in finding issues with the configuration of SSL secured web sites https://ssltools.digicert.com/checker/ https://www.ssllabs.com/ssltest/analyze.html Test which ciphers (TLS, SSL, etc) are enabled nmap -sV –script ssl-enum-ciphers -p 443 www.yourdomain.com Ref: https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html … Continue reading →

Installing a wildcard SSL certificate from your Apache web server on a Cisco ASA

Posted on March 31, 2016 by SEEIAugust 15, 2017

(Tested in a Cisco ASA 5505 and 5506-X running 9.x IOS) Find the certificate and the key files on your web server. These will be listed in your configuration file as SSLCertificateFile and SSLCertificateKeyFile. You will also need the chain … Continue reading →