Category Archive: Security

Mar 06

ASA 8.3/8.4 NAT Migration Lab Guide – Lab 1.0


This lab is part of a series of labs which detail how to migrate NAT configurations from pre-ASA 8.2 versions to ASA 8.3/8.4. Lab 1.0: setting up Dynamic NAT / PAT overload.

Three devices in total: one router representing the internal networks, one ASA firewall where NAT is configured, and one external router representing the ISP …


Mar 05

ASA 8.4 with ASDM on GNS3 – Step by Step Guide

This post details how to connect to a firewall in GNS3 using ASDM. You will establish an ASDM session from your machine to GNS3, so we will be building a connection/bridge between GNS3 and the PC. This connection is also necessary because you will first have to copy ASDM to the firewall via TFTP.

1. Follow this guide …


Mar 01

ASA 8.3/8.4 NAT Migration Lab Guide

Let's reinvent the wheel. Just to add a bit more fun to NAT, Cisco now has a new (third) way to configure NAT on Cisco devices. Yes, third, as configuring NAT is already a bit different on routers, different again on ASA pre-8.2, and here we are with NAT on ASA 8.3/8.4. I am …


Feb 21

Cisco ASA 8.4 on GNS3

I struggled quite a lot to get ASA 8.4 working on GNS3. I had 8.0(2) working and was helping to test the configurations and VPNs, but now wanted to get 8.4 running so that I can prepare myself for the new NAT statements and the migration from 8.0(2) to 8.4(2).

Here are the steps to get it …


Feb 11

Site to Site VPN without NAT – L2L IPSec VPN

This guide helps you build a LAN-to-LAN VPN without NAT applied. This is the first part of a series in which we will be moving from a very simple VPN setup to a highly complex one. In this first part we build the VPN by simulating two sites connected via an ISP router. By the end of …


Feb 10

Cisco ASA Concurrent Auth Proxy Connection Limit

If you are using authentication proxy to authenticate users before they access any services through the firewall, you may want to limit the number of concurrent connections that are allowed through. To change this limit you can use either ASDM or the command line.

Command line: the command to use is

aaa proxy-limit 15 (or whatever number …


Dec 20

Site to Site VPN with Internet Access (Hairpinning)

The primary purpose of this lab is to test a site-to-site VPN and to make sure that users at the remote site are able to access the Internet via the main site. You will see in the post that all of the configuration is similar to a normal L2L config between a router and a firewall; however, all …


Mar 24

Clear Established Connections before Implementing a New Restrictive Rule on a Firewall

A firewall doesn't check the rule set for a connection which is already established. This means that if two devices have established a connection through the firewall and you add a deny rule afterwards, it won't terminate the session already in progress. For the rule to become effective this connection needs to be terminated, or use the following command with different variants …


Mar 24

Cisco ASA Running Config doesn't show password strings

The show running-config command on Cisco ASA devices doesn't show passwords in its output and also hides the SNMP community strings. To include the passwords in the output, use the following command:

ASA5520#more system:running-config

Feb 03

Traceroute through Cisco ASA Firewall

Allowing traceroute through the firewall requires configuration that depends on the source of the traceroute command. Microsoft uses the tracert command and ICMP message types for traceroute (unreachable, time-exceeded, echo-reply). You will use the following ACL entries to allow trace traffic to pass through the firewall. In the following example the inside interface is allowed to reach hosts but outside …
